Insights

Brazil’s Data Protection Authority becomes a full regulatory agency with enforcement powers

Law No. 15.352/2026 transforms Brazil’s Data Protection Authority into a fully-fledged regulatory agency, aligning it with other federal regulators.

While the LGPD rules remain unchanged, enforcement capabilities have significantly expanded.

The authority now has powers to:
• intervene in operations
• seize assets
• enforce compliance with stronger measures

Implications for companies

This marks a shift from a guidance-based approach to a structured enforcement model.

Companies now face increased regulatory exposure.

Organizations must be prepared not only to comply, but to demonstrate compliance.

Strategic considerations

Companies should review their compliance programs, ensure proper DPO designation and maintain auditable records.

Monitoring upcoming regulations is essential as enforcement becomes more active.

Conteúdo relacionado

PDK Advogados announces Martha Mendes Sedeh as its new CEO

Artificial Intelligence in medicine now has specific rules in Brazil

TRT-10 annuls provisions on the role of occupational physicians in defense of employers

MENU

Fale conosco
+55 (21) 99073 4906
contato@pdka.com.br