While Brazil is not the first country in South America to enact data privacy laws, it certainly has generated much more interest than any other South American country to date on the subject.
The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados or “LGPD”) was signed into law (with several alterations) by Brazil’s president on August 14, 2018. The LGPD protects private data and provides for the processing of personal data, including on digital platforms, and deals with “sensitive personal data.” LGPD’s date of enforcement is now set for August 14, 2020, exactly 2 years post passage of the law in 2018.
While Brazil directly or indirectly had numerous federal privacy and data protections focused on specific sectors, for example the “Internet Law” known as Law 12,965 of April 23, 2014, this patchwork regulatory framework was sometimes conflicting and plagued with legal uncertainty. The LGPD replaces this patchwork, hoping to better position itself in the global data economy while protecting the rights and freedoms of its residents.
To learn more, read the new solutions brief that summarizes the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados or “LGPD”) to help companies prepare. The brief points out some similarities and differences from the EU General Data Protection Regulation (GDPR), outlines steps to comply, and discusses TrustArc solutions to support these efforts.