August 1st is right around the corner—is your organization ready for the Lei Geral de Proteção de Dados Pessoais (LGPD)? The grace period to become compliant with Brazil’s General Law for the Protection of Personal Data, the LGPD, ends in five days. Companies that do not meet the rules and obligations set forth in the in the law may suffer warnings, penalties, or fines of up to 2% of annual revenue or R50 million per violation, which estimates to €7.5 million or $8.9 million.
The National Data Protection Authority (ANPD) is the enforcement agency and will determine which penalties will apply. An organization will be subject to sanctions after an administrative procedure has taken place, wherein the defending party will have an opportunity, for example, to show evidence of incident response policies and procedures, in the event of data breach or incident. The application of sanctions will depend on the evidence presented, and ultimately, the ANPD.
Over the past several decades, Brazil has become very litigious—particularly with consumer claims. One cannot help but wonder what the early days of the LGPD will mean in terms of lawsuits founded on alleged violations to the provisions of the new law.
In any event, MDS recommends that organizations take a proactive approach, and begin to think about what kind of policies and procedures are in place—if any. Based on what we know about the LGPD enforcement, thus far, evidence of incident response policies and procedures may serve as good faith efforts, which could potentially minimize the penalties issued by the ANPD.
Written By: Ashley Pusey, J.D., Privacy, Legal & Compliance Lead, Maureen Data Systems
The material and information provided in Maureen Data Systems (“MDS”) Content are for general information only and should not, in any respect, be relied on as professional advice. The MDS Content shall be construed as author-based content and commentary. Accordingly, no warranties or other guarantees are offered as to the quality of the opinions, commentary or anything else appearing in such MDS Content. MDS expressly reserves the right to delete stories at its and their sole discretion.
Ready to Get Started with mDS?
Fill-out the quick form & a MDS technical expert will contact you soon!
+1 (888) 123-4567