LGPD (Lei Geral de Proteção de Dados), the new data protection law enters into force in Brazil earlier than expected.
Brazil, one of the developed countries in Latin America, is adopting for the first time a data protection law, enforced earlier than the official date set for the 31st of December 2020. The Federal Senate of Brazil issued an amendment to speed up this process.
On the 17th of September 2020, the president approved the amendment and LGPD was officially enforced.
Based on this new law, court actions and lawsuits can be executed even if the implementing regulations have not been released yet until the 21st of August 2021, all actions will be done based on LGPD’s main provisions.
The General Data Protection Law consists of a set of laws designed to complement existing privacy laws. The essential requirements of the law are divided into four categories: legal basis for processing where organizations are required to have a legal basis to process data, individual rights, governance and accountability and data transfers.
Violation of this new regulation can lead to fines of up to 2% of the organization’s revenue for the prior year and up to a total of 50 million reais (or approximately $9.3 million USD) per violation.
As proof, the first lawsuit under this law has already been initiated by the (MPDFT) (Ministério Público do Distrito Federal e dos Territórios’) against a company that includes in its activity the manipulation of personal data (such as data from hairdressers, brokers, dentists, doctors, nurses, psychologists and other professionals from Brazil) and which has sold over 500,000 of these data.
GDPR (The General Data Protection Regulation), CCPA ( the California Consumer Privacy Act) and LGPD have the same goal, of protecting the privacy of individuals although each law is unique in its own way, the details are the most important and to avoid sanctions, data controllers must be extremely careful and become compliant.
In such insecure world it is impressive too see how another law of protection ‘’is born’’ and individuals become increasingly aware of how important personal data is.
It is everyone’s right to feel safe when disclose personal information for commercial services, and organizations must take seriously these laws that have emerged as an alarm signal for the last years in which the confidentiality of individuals began to be violated with the advancement of technology.
Sovy’s GDPR Essentials can help you get compliant and stay compliant with our suite of on-line tools and services, including:
- eLearning for GDPR and CyberSecurity
- Cookie Consent Manager with data rights access requests
- Records of Data Processing
We also offer Advisory Services for additional support to address your company’s needsE