DATA PRIVACY/CYBERSECURITY
Brazil’s New Data Protection Law
By VISHAL SUNAK
Brazil makes up more than 40 percent of Latin America’s economy and accounts for over half of its IT spending. It is expected to become the fifth largest consumer market in the world by 2023, so it’s understandable that Brazil would want to adopt legislation to safeguard consumer data. The General Data Protection Regulation (GDPR) has aimed to do the same for the European Union. The California Consumer Privacy Act brought this focus down to a state level in the United States.

It took more than two years after passage for Brazil’s General Data Protection Law (LGPD) to reach its current form, yet some were still caught by surprise when it officially went into effect in September 2020. It sets regulations and creates a legal framework that addresses areas from data processing and transfers to individual rights, governance and accountability.

Like the GDPR, the LGPD extends beyond borders. It applies to any organization processing the data of individuals in Brazil, regardless of where the entity is located or where the data is stored. Whether you have a physical office in Brazil or just sell services or products in the market doesn’t matter; companies that handle personal data of anyone living in the country must comply.

Banking, finance, healthcare, software as a service, data security and social media are obviously subject to the LGPD because of the personal data they routinely handle. However, unlike similar regulations, the LGPD impacts businesses of all sizes. The following first steps should be taken by all:

• Determine liability by mapping personal data processing and that of any third parties to determine what is subject to the LGPD.
• Conduct an analysis to see where

TODAYSGENERALCOUNSEL.COM FEB/MAR 2021