Brazilian General Personal Data Protection Law Becomes Effective

The Brazilian General Personal Data Protection Law (Law No. 13.709/2018 – “LGPD”), which regulates the processing of personal data, became enforceable on September 18, 2020.

The LGPD, which was originally expected to become effective in August 2020, was the subject of several acts by the Executive and Legislative branches, aiming to postpone its effectiveness, such as Provisional Measure 959/2020 (“MP 959/2020”).

MP 959/2020 initially aimed to postpone the effectiveness of the Law until May 2021, however, this act was not approved by the Federal Senate.

As a result, the LGPD was merely awaiting presidential sanction of the Conversion Bill 34/2020, originating from MP 959/2020, to become effective.

It should be noted that, although the provisions of the LGPD are already enforceable, the beginning of the term for the application of administrative sanctions provided for in the LGPD will only occur on August 1, 2021, as per Law No. 14,010/2020.

In the case that your company is not in compliance with LGPD, it is of great importance that the process is commenced immediately. Demarest’s Data Privacy and Cybersecurity team is available to provide further information or clarification on this matter, and to assist in the process of becoming compliant with the LGPD.