Overview: Originally approved in 2018, The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) was expected to take effect on August 14, 2020. In April, however, President of Brazil, Jair Bolsonaro issued a Provisional Measure that provided COVID-19 emergency aid and the postponement of the LGPD law to May 2021.
After a Senate vote on August 26th, the LGPD will now come into effect immediately, also requiring that the National Data Protection Authority (ANPD), responsible for applying the sanctions of the new law be created soon.
Why This is Important: The LGPD is important because it is a privacy law with "extraterritorial application" which means that organizations that process personal data of Brazilians will need to comply with the LGPD regardless of where they are owned or operated.
Who Does this Apply to?
The LGPD will apply to:
- Data processing within the territory of Brazil
- Data processing of individuals who are within the territory of Brazil, regardless of where in the world the data processor is located
- Data processing of data collected in Brazil
What are the consequences of this/potential fines? Under the LGPD, fines may be levied up to 2% of the Brazil-sourced income of the organization (which is considered any legal entity, its group or conglomerate), net of taxes, for the preceding fiscal year, limited to R$ 50,000,000 (app. $11 million), per infraction.
How can Exterro’s software help your organization with LGPD compliance? Exterro is the ACC Exclusive Alliance Partner for Data Privacy Compliance and Exterro’s privacy suite offers the world’s most efficient approach to establishing a defensible global data privacy process.
Read the full story on Lexology.