On 28th January was celebrated the International Data Protection Day. This date has been chosen in reference to Convention 108 of European Council, signed on 28th January 1981, which provided about processing of personal data treatment. The European Parliament has always insisted on the need to achieve a balance between improving security and preserving human rights, including privacy and data protection.
It is a great historical milestone for the country, considering it to be the first year in which Brazil celebrates the date with full validity of the Brazilian Data Protection Law (LGPD) and with the effective action of Brazilian Data Protection Authority (ANPD).
This law has brought numerous benefits and rights to Brazilians, because it is possible to know exactly what data is being collected and how it will be stored and protected. This transparency regarding the processing of personal data promotes the progress of a relationship of trust in all areas, whether in the consumer, labor, and civil, among other importante matters in the daily routine.
Therefore, on the Brazilian Data Protection Law's first anniversary, the ANPD published a Resolution CD/ANPD under the number 02, which regulates the application of the law for small businesses, such as microenterprises, general small businesses, startups, private law legal entities, etc.
It is important to emphasize that the size of a company does not disfigure that the data subject has its rights to withhold, nor does it prevent the applicability of the law from observing all fundamental principles, such as: ood faith, free access, data quality, security, transparency, non-discrimination, liability, etc.
In brief, this Resolution turns some rules and deadlines more flexible for those small businesses, such as: the obligation to establish a DPO (Data Protection Officer); the simplification of the Registry of Treatment Activities (ROPA); double time deadlines for requests from comsumers and notifications of incidents, in addition to the provision of a declaration provided in article 19, item II of the LGPD.
This said, it is noteworthy that even with the exceptions brought up above, it is fundamental that those companies adopt preventive measures and have good practices with regard to privacy and data protection in case of inspections, notifications and investigation of security incidents, being at the discretion of ANPD about the applicability of the fulfilment of obligations and the flexibility provided in the resolution.
For the full version of Resolution click on the link below:
by Juliano Mello