Inspired by the European regulation (General Data Protection Regulation - GDPR), the Brazilian General Data Protection Act (in Portuguese, LGPD, Lei Geral de Proteção de Dados) establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.
With the presidential approval, in August 2018, companies will have until 18 months to adjust to the new rules.
Among the actions curbed by the LDPG are the collection and use of personal data without consent, by both the private sector and public authorities, as well as the use of personal information for practicing unlawful or unfair discrimination.
The legislation is part of the Brazilian context of progressive adaptation to the best global data management practices and it covers all companies that offer services or have operations involving data handling in Brazil.
Companies that violate the new law will be subject to the application of warnings, fines, embargoes, suspensions and partial or total bans to performing their activities. Fines can reach up to 2% of the organization's revenue, with a limit of R$50 million per violation.
In addition to securing individual rights, the LGPD aims to encourage the sustainable development of the economy and the businesses, based on the best international practices.
Both the Brazilian law and the GDPR require a strategic approach to the handling of personal data, which represents, on the other hand, a great opportunity for companies. Organizations can leverage regulations for obtaining a competitive advantage in the use of such data, with a correct planning and the application of good privacy practices.
For that, companies will have to demonstrate compliance and responsibility with the laws in force, in order to increase the level of trust of all their stakeholders.
Deloitte has a multidisciplinary team to provide integrated solutions and support organizations in adapting to the new legislation, as well as in the resolution of possible incidents.