Brazil: Published ANDP Guidelines on Personal Data Protection Impact Report

On 6 April 2023, the Brazilian National Data Protection Authority (ANDP) published Guidelines and a list of questions and answers regarding the “Personal Data Protection Impact Report” (RIPD) required by the General Law for the Protection of Personal Data (LGPD). The questions and answers aim to guide users on the presentation and submission of the RIPD. Notably, the guide sets out when data controllers should prepare the RIPD, the criteria and methodologies to use for risk management, the minimum requirements that the RIPD must contain, and the data and information that should be included in the RIPD, among others.