Publications - 21/09/20

Brazilian General Data Protection Law comes into force

Brazilian General Data Protection Law, Lei Geral de Proteção de Dados (LGPD), came into force last Friday, September 18, becoming a matter of extreme importance for private and public companies that need to adapt their practices immediately to the impositions established in this new legislation.

From now on, companies need to make sure that users in Brazil clearly know how the collection, storage and use of their personal data will be carried out. Despite some exceptions, the user has the option of consenting to the terms of use presented or not, and has the possibility to request the exclusion of certain information, if deemed necessary.

The purpose of the law is to unite the set of rules regarding the processing of users personal data to private and public companies. The main objective is to facilitate the inspection of the treatment and storage of data against possible abuse that can be performed during the usage of such data.

Moreover, the new law establishes highly cost fines and rigid sanctions, which encompasses from warnings to fines up to 2% of the company revenue, under the limit of $ 50 million reais. However, it is noteworthy that the application of penalties to companies that disobey the provisions of the LGPD was postponed to August 2021, by Law No. 14.010/2020.

One question that raises concern and legal insecurity regarding the LPGD is the fact that the National Data Protection Authority, Autoridade Nacional de Proteção de Dados (ANPD), responsible for regulating the application of the law, is not yet properly operating. Even though a decree has already been instituted approving the regulatory structure and the list of trusted positions of this body, its governing body has not yet been appointed.