The Brazilian LGPD is Here (Almost)

The Brazilian LGPD is Here (Almost)


After a number of postponements and many discussions about further delay, the Brazilian Lei Geral de Protecção de Dados Pessoais (General Data Protection Law, LGPD) is on the verge of entering into force. In a surprise move, the Brazilian Senate on Wednesday 26 August decided not to agree to a further postponement, but to let the law enter into application immediately. Enforcement of the law will start in August 2021. Possibly, the only remaining wait is for the signature of president Bolsonaro, which is due within 15 days of the vote*. Immediately after the vote, the decree establishing the Brazilian data protection authority was already published.


While waiting for the official start sign of the law, this seems to be the right moment to take another look at what the LGPD requires from organizations doing business in Brazil. When looking at the new Brazilian law, it is immediately clear that there is a fair amount of overlap between the LGPD and the GDPR. This is no surprise – the LGPD is an omnibus data protection law as well, modeled after the GDPR. It explicitly recognises that data protection is linked to the respect for privacy, to informed self-determination and human rights, but also to free enterprise and free competition. 


Accountability


The LGPD stipulates in Article 6.X that accountability is one of the key principles to which data processing operations by controllers and processors shall be subject. According to the provision, this requires the controller or the processor to be able to demonstrate “the adoption of measures which are efficient and capable of proving the compliance with the rules of personal data protection, including the efficacy of such measures”. A similar ..

Support the originator by clicking the read the rest link below.