Skip to main content
News

An insight into the most recent Privacy Developments in Brazil

January 30, 2025

Two key documents for Data Protection and the Life Sciences Industry have recently been published by the Brazilian authorities:

Guidelines on the role of DPO

On the 19 of December 2024, the Brazilian Data Protection Authority (‘ANPD’) has published guidelines on the role of the Data Protection Officer (‘DPO’) (link). The document complements CD/ANPD Resolution No. 18 of 16 July 2024 which established rules in relation the role of DPOs (link).  The release of these new guidelines aims to further detail the role of this figure and to help society interpret the standard correctly.  In addition, the guidelines aim to indicate good practice for controllers and processors.

To this end, the guidance clarifies:

  • The cases in which the appointment of a DPO is mandatory;
  • Illustrating the scope of the exception for small and medium-sized enterprises (‘SMS’), in especial, it confirms that all SMS enterprises that process high-risk data must have a Data Protection Officer;
  • That the engagement of a DPO by the processor is optional but considered good practice;
  • Specifies the procedures for making the DPO’s contact details public;
  • Proposes an example of a template in the appendix for the appointment of a DPO.

It is undeniable that the role of the DPO is of paramount importance in the eyes of the ANPD considering it as a key player in ensuring respect for the fundamental right to protection of personal data in Brazil.

Rules in relation to the creation, management and use of databases for scientific research purposes involving human beings

In addition, the Ministry of Health in Brazil published Resolution No. 738 on January 21, 2025, which regulates the use of databases for the purpose of scientific research involving human beings (link). The resolution clarifies the procedures for creating, accessing and using a database. Points of attention include:

  • Obtaining the consent of the Data Subjects;
  • Implementing appropriate security measures to prevent any risks;
  • Ensuring data confidentiality;
  • How processors can access and use the database;
  • Respecting the ethical principles of research and the principles of the LGPD, this is the Brazilian Data Protection Act.

In addition, the guidance clarifies the responsibilities of researchers, sponsors and institutions involved in the creation and use of the database.

At MDT, we have a team of DPOs who are experts in interpreting the LGPD and its application to the life sciences industry, and who are ready to help your company comply with its requirements..

Michelle Ayora

Attorney | DPO certified

Idriss Awagoum yonta

Related Posts

News The European Health Data Space (EHDS): Revolutionizing Health Data Use in Europe

The European Health Data Space (EHDS): Revolutionizing Health Data Use in Europe

rumeysa
rumeysa28 February 2025
News FDPIC Guidelines on ‘Cookies & Similar Technologies’ and ‘Data Breach Report’

FDPIC Guidelines on ‘Cookies & Similar Technologies’ and ‘Data Breach Report’

rumeysa
rumeysa18 February 2025
News Mastering Transfer Impact Assessments: Key Insights from CNIL’s Final Guidelines

Mastering Transfer Impact Assessments: Key Insights from CNIL’s Final Guidelines

rumeysa
rumeysa12 February 2025
Close Menu