Home

ANPD

ANPD stands for Autoridade Nacional de Proteção de Dados, the Brazilian federal agency responsible for regulating and enforcing data protection under the General Data Protection Law (LGPD). Created to oversee the processing of personal data in both the public and private sectors, the ANPD promotes privacy rights, provides guidance, and ensures compliance with Brazil’s data protection framework.

Its mandate includes issuing regulatory guidelines and standards, supervising controllers and processors, conducting audits, and applying

Organization and remit: As a federal regulatory body, the ANPD operates within the executive branch and coordinates

History and status: The LGPD, enacted in 2018, established the ANPD to enforce the law. The agency

sanctions
for
LGPD
violations.
Sanctions
can
include
fines,
with
penalties
reaching
up
to
2%
of
the
offending
entity’s
revenue
in
the
previous
fiscal
year,
up
to
50
million
reais
per
violation,
as
well
as
measures
such
as
publicizing
findings,
blocking
or
deleting
data,
and
requiring
corrective
actions.
The
ANPD
also
handles
data
breach
notifications,
requiring
that
incidents
with
risk
or
damage
be
reported
to
both
the
ANPD
and
affected
data
subjects
within
a
defined
timeframe,
commonly
cited
as
72
hours
after
discovery.
In
addition,
the
agency
approves
codes
of
conduct,
certification
mechanisms,
and
transfer
mechanisms
for
cross-border
data
flows.
with
other
government
entities,
including
the
public
prosecutor’s
office
and
consumer
protection
agencies,
to
address
privacy
and
data
protection
issues.
It
provides
guidance
to
businesses
and
public
authorities
and
engages
with
data
subjects
through
complaint
handling
and
transparency
initiatives.
began
operating
in
the
early
2020s
and
has
since
issued
regulatory
guidance,
conducted
inspections,
and
pursued
enforcement
actions
to
promote
compliance
and
strengthen
data
protection
in
Brazil.