Tag: LGPD

LGPD – Brazil’s upcoming Data Protection Law

28. November 2019

The National Congress of Brazil passed in August 2018 a new General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”). This law is slated to come into effect in August 2020. Prior to the LGPD, data protection in Brazil was primarily enforced via a various collection of legal frameworks, including the country’s Civil Rights Framework for the Internet (Internet Act) and Consumer Protection Code.

The new legislation creates a completely new general framework for the use of personal data processed on individuals in Brazil, regardless of where the data processor is located. Brazil also established its own Data Protection Authority, in order to enforce the guidance. Although the Data Protection Authority will initially be tied to the Presidency of the Federative Republic of Brazil, the DPA will become autonomous in the long term, in about two years.

Like the GDPR, the new framework has an extraterritorial application, which means that the law will apply to any individual or organization, private or public that processes or collects personal data in Brazil, regardless of where the Processor is based. The LGPD does not apply to data processing for strictly personal, academic, artistic and journalistic purposes.

Although the LGPD is largely influenced by the GDPR, both frameworks also differ from each other a lot. For instance, both frameworks define personal data differently. The LGPD’s definition is broad and covers any information relating to an identified or identifiable natural person. Furthermore, the LGPD does not permit cross-border transfers based on the controller’s legitimate interest. In the GDPR, the deadline for data breach notification is 72 hours; in the LGPD, the deadline is loosely defined, to name just a few.

Category: General · Personal Data
Tags: ,

Brazilian General Data Protection Law

17. August 2018

On August 14th, a new data protection law was passed in Brazil and is named Brazilian General Data Protection Law (LGPD). The law will come into effect in early 2020.

The new legal framework deals with personal data in Brazil, both online and offline as well as in the private and public sectors. Until now the country has more than 40 legal norms at the federal level which are replaced and/or supplementing the previous regulations.

The new law aims to help Brazil enter the roll of more than 120 countries that today may be considered to have an adequate level of protection of privacy and the use of personal data, so that Brazil can compete on the global market.

As next step a DPA is created and will be an independent public authority responsible for the supervision of the law and enforcement. The authority is able to establish guidelines for the promotion of protection of personal data in Brazil.