Companies have until August 2020 to comply with the Brazilian Data Protection Law – LGPD.
Brazilian or foreign companies that process personal data within the Brazilian territory, directed to the Brazilian market and/or involving individuals located in the Brazilian territory, have until August 2020 to start complying with the Brazilian Data Protection Law (“LGPD”).
Even before its entry into force, it is possible to note that the LGPD is influencing the Brazilian business environment.
When negotiating contracts, for instance, it is becoming more common to face contractual clauses related to the processing of personal data. Also, data protection matters are starting to be part of due diligence related to M&A transactions, regardless of the target’s industry or activity.
Considering that the adoption of a proper compliance program is not limited to the review of privacy policies and related documents, but also requires, among other aspects, the prior analysis and understanding of the company’s situation regarding the processing of personal data and the identification of the legal bases that authorize its performance, companies that have not started the implementation of their LGPD compliance program should start it as soon as possible, avoiding the risk of not being compliant once the law fully becomes into force in August 2020.
For further information on this subject, contact: