The Brazilian President has approved a law focusing on data privacy that is being called the 'Brazilian GDPR'.
The main goal of the law is to increase personal data privacy and protection in the country. The law is designated Law No. 13.709/2018 and expressly amends previous legislation: Internet Civil Law No. 12.956/2014 and Information Access Law No. 12.527/2011.
The new law, which was published on August 14, 2018, defines the rules for data protection in Brazil, and will be effective in 18 months.
What is the law?
The new law will affect everyone who has shared personal data with companies. Every company will have to inform the owner of the data that their data is on the company database and ask for consent before the personal data is used. The company will also have to explain how the data is protected to guarantee the privacy of the users. This also gives the user the chance to opt out. This may sound familiar, as it is very similar to the way that the European GDPR law works.
Many companies already are protecting people's personal data. However, the new legislation is a big change in Brazil, since it implements several new rules and procedures on how companies must treat personal data.
The Project of Law 4060/14 determined the implementation of a government body called the National Data Protection Authority, which would be created to monitor data protection efforts around the country. It would also hand out the sanctions for violations and noncompliance. However, the creation of this body was not approved by the president and shall be discussed in the future by the Executive Power.
The Brazilian law outlines that the fine for non-compliance with the law is up to 2% of a company's global revenue and limited to 50 million Reais per infraction. Each infraction will be analyzed and applied proportionally to the resulting damage. This is different from the European GDPR penalty which is more severe at 4%.
Compliance and data privacy are global trends and require companies to put more time and money towards protecting their users' data. TMF Group in Brazil can provide full data protection health checks for companies that wish to assess their current processes, to determine what changes need to be made to comply with new rules. We can also act as a compliance officer to allow companies to focus on their core business.
Looking for more information? Get in touch with our experts today.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.