On 5 September 2025, the European Commission published the Draft Adequacy Decision recognizing Brazil as a country that ensures an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation (GDPR). This proposal marks the beginning of the formal procedure to authorize the transfer of personal data from the European Union to Brazil without the need for additional safeguards, effectively treating such transfers as equivalent to those occurring within the EU.

In brief On 16 June 2025, the Council of the European Union and the European Parliament reached a political agreement on a new regulation introducing additional procedural rules for the enforcement of the General Data Protection Regulation (GDPR) in cross-border matters (“Regulation”). The new Regulation seeks to fix the delays and inconsistencies…

Belgium’s new Private Investigation Act (PIA) was published in the Official Gazette on 6 December 2024, with most of its provisions having entered into force on 16 December 2024. The PIA replaces the 1991 Belgian Act on Private Detectives with the aim of modernizing the applicable legal framework in light of new investigation methods and the application of the General Data Protection Regulation. With its broader scope of application – this legislation is now also applicable to internal investigations – and the significant additional requirements it imposes, the PIA will undoubtedly impact many businesses operating in Belgium.

The Brazilian Data Protection Authority (ANPD) has published Resolution CD/ANPD No. 18, which creates additional rules for the appointment of the Person in Charge (similar, although not equivalent, to the Data Protection Officer under the GDPR).
As background, according to Law No. 13.709/18 (Brazilian Data Protection Law (LGPD)), data controllers must appoint a Person in Charge. The “Person in Charge” has the primary role of serving as a communication liaison between the data controller, data subjects and ANPD, as well as providing training and guidance to the controller’s employees, and complying with any other instructions that controller may give.