On September 18, 2020, the Brazilian General Data Protection Law (Law No. 13,709/2020 – “LGPD”) finally entered into effect. After the President approved Provisional Measure No. 959/2020, modified by Conversion Bill No. 34/2020, the extended discussions on its enactment date came to an end.
Although the administrative penalties provided for in the law were postponed to August 2021, the Judiciary will have the competence to apply civil sanctions and regulatory authorities are able to apply fees in case of violations against the LGPD provisions. Additionally, consumer defense associations and Public Prosecutors will continue to investigate companies that do not comply with the legislation.
For companies that have waited for the definition of the enactment date to start the compliance procedure, we suggest focusing on urgent measures. The following are some priorities for minimizing risks, such as reputational or material damages in the case of violations of the law or data breaches, as well as ensuring greater protection for personal data in the context of its processing activities.