On August 14, 2018, the Brazilian president signed the Lei Geral de Proteção de Dados Pessoais (LGPD) into law. The LGPD is a comprehensive data privacy regulation, which has many similarities with the GDPR, such as for example its ample scope of application, which includes processing activities conducted wholly outside of Brazil, but affecting or targeting Brazilian citizens.
Similarly to the GDPR – which for some violations provides for fines “up to 10,000,000 EUR, or up to 2 % of the total worldwide annual turnover of the preceding financial year – the Brazilian law sets forth fines that may reach two percent of the company’s previous year global revenue.
Companies have 18 months – early 2020 – until the law will come into effect.
The General Data Protection Law is available in Portuguese here.
For more information about how privacy may affect your global business, contact Francesca Giannoni-Crystal & Federica Romanelli.
Originally published on Technethics on August 2018