Recently, the Brazilian Data Protection Agency (ANPD) published a series of Q&As on the Data Protection Impact Assessment (DPIA) - a document required in several situations by the Brazilian General Data Protection Law (LGPD) which may raise questions from data controllers.

This is the first step in the regulation of the document, and the publication of a model DPIA for small data controllers is expected.

It is also worth noting that the adoption of the provisions of the publication, although highly recommended, is not mandatory.