Brazil: Adopted ANPD clarification regarding qualifications for data protection officer and LGPD compliance seals

On 31 March 2023, the National Data Protection Authority (ANPD) issued a notice clarifying the data controller's obligation to appoint a data protection officer under the Law on General Personal Data Protection (LGPD) and the validity of the compliance seals provided by private entities. In particular, the ANPD stated that LGPD requires the data controllers to appoint a data protection officer, but it does not outline specific norms, qualifications or performance requirements that an individual would need to meet to be appointed to such a position. The ANPD noted that based on the LGPD, it has the power to establish such norms, and it will issue regulations outlining norms that data controllers would be required to follow when employing an individual for the data protection officer position. Furthermore, ANPD noted that it had not approved a standard, procedure, software or compliance seal offered by private entities and that such seals do not guarantee compliance with LGPD.