Alessandra R. Noronha Gomes
Lawyer at Marcos Martins Advogados
From now on, small businesses and entrepreneurs will benefit in terms of the procedures required to comply with the LGPD, through exemptions and easing of some obligations.
The National Data Protection Agency (ANPD) has regulated legislation to apply the LGPD to small companies, which in the law are referred to as “small processing agents”, namely: micro-enterprises, small companies, startups, legal entities, natural persons and depersonalized private entities that process personal data.
It is important to highlight some of these exemptions and flexibilities, such as: (i) double time to respond to requests from data subjects, communications to the ANPD and the provision of a declaration; (ii) a simplified procedure for reporting security incidents; (iii) no obligation to appoint a DPO (Data Protection Officer), simply to provide a communication channel with the data subject; (iv) compliance with essential and necessary administrative and technical measures based on minimum security and data protection requirements.
Small businesses will benefit from the simplification of the procedures required by the LGPD, which will also have a direct impact on reducing internal costs to comply with the law.
Therefore, the advent of the Resolution demonstrates the ANPD’s greater concern about the effectiveness of the LGPD itself, to the extent that the obligations imposed by the law could be unenforceable for small companies and entrepreneurs. It is worth remembering that the punishments provided for in the LGPD are already in force and, last October, the ANPD regulated the inspection procedure and the administrative sanctioning process for determining non-compliance with the law and applying the penalties.
Marcos Martins Advogados is attentive to new legislation and case law in order to provide our clients with appropriate and effective advice.