After many debates, delays and changes, the General Data Protection Law (LGPD) came into force in Brazil. The project was sanctioned by President Jair Bolsonaro in September 2020 and has been in effect ever since.
Although the subject is on the agenda in several media outlets, there are still many people with doubts about the implications that the changes in the law represent. In practice, the new model protects consumer data, and is stricter from the point of view of managing this information by companies.
Let’s better understand what the LGPD is and what its impacts are on the daily lives of Brazilians.
What is LGPD?
Inspired by a European model, the General Data Protection Law has rules and standards regarding the use of consumer data. The text talks about the forms of treatment that should be given to this information and also attributes to companies the responsibility for the storage and management of this data.
Full name, residential address, e-mail, marital status and financial status are examples of personal information that we occasionally transact with other institutions. Those who receive these data, in addition to now needing the holder’s consent to obtain them, will have to inform which purpose the information will be used.
Failure to comply with the law implies high fines that will be paid by those who do not take care of the information properly. However, as part of the process of adaptation to the new law, the penalties will only be applied from August 2021.
What changes for citizens and businesses?
For the general public, the entry into force of the LGPD represents greater protection for the information they share. All citizens now have greater control over the circulation of personal data, being able to demand at any time the deletion of this information from databases or question companies about the use of this content. It’s more legal certainty for everyone.
From the organizational point of view of corporations, the new law means the need to readjust a series of processes. That’s why, for example, you might have noticed that websites now display a window asking for permission to collect cookies. These small files are stored in the browser and serve to tell companies data about their browsing in that environment.
Regulation will still be implemented
The body responsible for overseeing the rules defined by the LGPD will be the National Data Protection Authority (ANPD). It will also have the mission of ensuring the protection of personal data and commercial and industrial secrets of Brazilian companies. As this is a newly created entity, its infrastructure has not yet been completely defined. Skills include:
- Ensure the protection of personal data;
- Dealing with cases of commercial and industrial secrets;
- Encourage the adoption of standards that facilitate the control of holders over their personal data.
Adaptation phase until August 2021
Although the LGPD was approved in September 2020, for at least two years debates on the subject have increased in the general media. Because of this, many companies anticipated the entry into force of the law and have already adopted processes that are in accordance with these premises.
However, as there will be no penalties until August 2021, it is very likely that several companies will use this period to adapt to this new reality. The creation of ANPD and the formulation of clearer rules and systematizations is long awaited to eliminate remaining doubts.
However, as a company, it is essential to adapt as soon as possible to everything that the LGPD foresees. You can read the full text of Law 13.709 , of 08/14/2018, whose wording was amended by Law 13.853 , of 2019, on the official website of the Federal Government.
Do you still have questions about how LGPD will impact your company’s day-to-day activities? In addition to looking for more material on the subject, such as the page of the Federal Data Processing Service (Serpro) , consult a lawyer who specializes in the subject for more specific guidance.