The General Data Protection Law – Law No. 13,709 (“LGPD”), which deals with the treatment and privacy of data subjects in Brazil, went into effect on September 18, 2020.
Administrative sanctions, on the other hand, foreseen in the LGPD, will only begin to be applied as of August 1, 2021. Those who fail to comply with the rules for data handling will be subject to warnings, the obligation to publicize the violation, and/or fines of up to R$50,000,000.00 (fifty million reais) per violation.
Although the National Data Protection Authority (“ANPD”), responsible for enforcing compliance with the LGPD and applying administrative sanctions, is not yet operational, the civil and criminal liability of data controllers and/or operators, by the judiciary, is not ruled out. It should be noted that in the first days of the law’s effectiveness, there were already lawsuits related to non-compliance with the LGPD, and it is expected a significant increase in the judicialization of matters related to data processing and compensation for damages against those who do not comply with the law.
In this context, there is an urgent need for the business sector to adapt to the norms of personal data processing, through the mapping of the data processed, process diagnosis, policy review, and the design of an action plan. LGPD compliance, besides being a legal necessity, is an important element to keep companies competitive in the market.
For this, our office is at your disposal to clarify any doubts in this regard and help you in the process of your company’s compliance with LGPD.