After postponements and disagreements, the Senate maintains the LGPD for August 2020.
The LGPD - General Data Protection Law -, a set of rules that obliges companies to adopt security processes for the use and storage of digital data in Brazil - has already been announced several times. The date, originally scheduled for August 2020, was extended to January 2021 and, through Provisional Measure No. 959, again postponed to May 2021. In the explanatory memorandum, Minister Paulo Guedes alleged “… a possible inability to part of society due to the economic and social impacts of the crisis caused by the Coronavirus pandemic ”.
The postponement determined by the MP gave more time for companies - stopped or adapting to the home office and experiencing a period of cost containment - to develop the platforms required by LGPD and, consequently, a longer term for the creation of ANPD - National Data Protection Authority, responsible for the supervision and application of sanctions.
Opinions were divided. In the legal sector, data protection specialist Gustavo Artese, understood that, without the ANPD, a postponement would be positive, but that “the ideal would be for the government to have fulfilled its role and installed the ANPD so that the law would follow its natural path. ”. For the lawyer Filipe Fonteles Cabral, the extension was “a relief for those who left the compliance project for the last minute, discouragement for those who already understood the importance of the law”. In the economic environment, several segments manifested themselves. The customer relations department (call center) supported the change. Topázio Neto, vice president of ABT - Brazilian Teleservice Association, claimed that companies were working to adapt to the new law, but the pandemic interrupted this process. FecomercioSP stated that large companies are in the process of adapting, but small and medium-sized retailers have not yet implemented the LGPD rules. Febraban, on the other hand, did not see the postponement or the pandemic as impediments to complying with the law, due to the fact that financial institutions routinely follow strong regulation.
In the midst of these and other divergent opinions, on May 19, the LGPD had, once again, its term changed with the approval, by the Federal Senate, of maintaining the beginning of the LGPD to the original date of August 2020 , with sanctions beginning in August 2021. The decision, however, does not eliminate the uncertainty environment generated by the fact that, to date, there is no clear standardization of procedures or the implementation of the ANPD for greater security for companies. It also does not eliminate mistrust about the real importance that government officials are giving to the issue, regardless of COVID-19.
Delayed in relation to the world in this regard, it is undeniable that the LGPD will be a milestone for data protection in Brazil and requires full attention from controllers, supervisory bodies and also from companies that, when investing in the implementation of compliance and governance programs, in addition to avoiding severe penalties, they guarantee a competitive advantage for the safety of its customers and the maintenance of its business.