Brazilian Data Protection Law LGPD coming to force

The Brazilian LGPD (Lei Geral de Proteção de Dados) is a new data privacy law that will apply to businesses (both inside and outside Brazil) that process the personal data of users located in Brazil. The new law is expected to go into effect on August 16th, 2020.

Brazil’s Lei Geral de Proteção de Dados (or LGPD) brings sorely needed clarification to the Brazilian legal framework. The LGPD attempts to unify the over 40 different statutes that currently govern personal data, both online and offline, by replacing certain regulations and supplementing others. This unification of previously disparate and oftentimes contradictory regulations is only one similarity it shares with the EU’s General Data Protection Regulation, a document from which it clearly takes inspiration.

This means that all companies incorporated or trading in Brazil that have information of Brazilian nationals in their databases are expected to comply with all procedures and policies provided in the new law, once it becomes enforceable. Companies and groups which do not follow on the law’s terms may receive a fine such as 2% of their sales revenue, or even up to $50 million Brazilian Real (about USD 12 Million).

LGPD is viewed by many lawyers and privacy specialists as inspired and derived from the European Union (EU) General Data Protection Regulation (GDPR).