General Data Protection Act: know the implications for companies under the Act.
The General Data Protection Act came into force on September 18, 2020. In July 2018, then President Michel Temer, sanctioned the LGPD originated from PLC 52/2018. Strictly speaking, the act should come into force two years after the sanction. The fact is that the new coronavirus pandemic plunged the country – and the whole world – into a very unusual situation. Even though it entered into force, the LGPD still does not impose penalties on companies and people, which should only happen from August 2021. We will understand the changes that the new legislation will bring to the online environment and the business world.
The LGPD is inspired by the European Union act known as GPDR that came into force in May 2018. Both deal with the collection, storage, use, distribution and even elimination of personal data in order to protect citizens’ fundamental rights, establishing rules for its use, in order to adapt the maintenance of data within the national territory to the legal system, providing on several topics from consent to the obligation to offer options for citizens to have knowledge about the use being made of their data, as well as easy access to these, in order to be able to correct and/or delete these data, when in disagreement with the legislation.
While determining protection mechanisms for the consumer, the LGPD establishes punishment for infractions ranging from warnings to fines, which can reach up to BRL 50 million, in addition to partial or total prohibition on the exercise of activities related to data processing, thus demonstrating the legislator’s concern to adapt the indiscriminate use of data that was carried out in the country to the new legislation.
The protection that the act brings to the consumer is very important in the current context in which the use of the Internet and commercial transactions via e-commerce and applications grow exponentially, collecting personal data from users. It is essential that companies, even knowing that the penalties will only be applied next year, organize themselves to act within the parameters of the LGPD.
To inspect and guide companies in relation to compliance with the General Data Protection Act, the creation of a specific body, the National Data Protection Authority (ANPD), is foreseen. President Jair Bolsonaro has already nominated people for the institution. It is necessary to publish the name of the agency’s president-director in the Brazilian Official Gazette for the start of the operation. For specialists and entities linked to the theme, this is an important step so that companies, especially micro and small ones, that need more guidance, have legal certainty to adapt their activities.
We understand the General Data Protection Act as a major milestone for Digital Law. There is still much to be known and disclosed on the subject. Let’s follow closely.