In September 2021, Quebec’s Parliament updated its data privacy regime by passing the Act to Modernize Legislative Provisions as Regards the Protection of Personal Information, 2021 (“Law 25”). It is critical to determine whether an organization is subject to Law 25, as there are potential fines of up to 4% of an organization’s worldwide turnover.
Brazil’s Data Protection Agency clarifies what sanctions look like for violations of the country’s General Data Protection Law.[1]
On Feb. 27, 2023, Brazil’s Data Protection Agency (ANPD) issued the Regulation of Dosimetry and Application of Administrative Sanction (Regulation), which details fines and other sanctions for violations of Brazil’s General Data Protection Law (LGPD) by
In September 2021, Quebec’s Parliament enacted Law 25 (formerly Bill 64) (the “Law”), which updated Quebec’s data protection laws and added requirements for enterprises that do business within the province. Specifically, as of September 2022 companies should have 1) appointed a data protection
On Jan. 27, 2022, Brazil’s Data Protection Agency (ANPD) adopted Resolution ANPD No. 2 (the “Resolution”), limiting Brazil’s Data Protection Law (LGPD) obligations on small entities.
Similar to the European GDPR, the LGPD categorizes businesses subject to the law as either “controllers” or “processors.” However, the LGPD also groups these two categories together
Recent developments from the ANPD provide insight into the path ahead.
On July 7, 2022, Brazil’s National Data Protection Authority (ANPD) published its semiannual Regulatory Agenda Monitoring Report. This report updated the public on the current status of the ANPD’s regulatory agenda. With the comment period for regulations on international data transfers officially closing June