There have been updates regarding the LGPD. Learn what is new on the Brazilian Data Protection Law here.
The new LGPD - Lei Geral de Proteção de Dados (General Personal Data Protection Law) is establishing a new milestone in the relationship and treatment of information between companies and consumers in Brazil. In practice, the LGPD regulates the use and processing of personal data by the private sector and the public authorities, in order to prevent leaks and misuse.
In 2022 there have been some law adjustments and events that had an impact on the personal and corporate environment. Find out below three significant changes and three recent news about LGPD in 2022 so far.
Explore more privacy compliance insights and best practices
On January 27, 2022, the ANPD (Autoridade Nacional de Proteção de Dados/National Data Protection Authority) published Resolution No. 2 in adequacy and compliance with the new rules of the LGPD. The main changes for these companies are:
Such changes aim at a broader adoption of the LGPD principles by SMEs in Brazil. Currently, 7 over 10 SMEs in Brazil still have not fully adopted these principles, so there it lies the importance of these changes by ANPD.
It has been published in the Federal Official Gazette (MP 1124/2022) a regulation that transforms the National Data Protection Authority (ANPD) into a special authority. This change aims to give more independence to the ANPD, which until then was formally subordinated to the Federal Government.
The ANPD hopes that with the new status it will also be easier for its operations, as well as for international cooperation, where the Brazilian government aims for an OCDE spot.
The National Congress enacted on 02/10/2022 the proposal for an Amendment to the Constitution (PEC) that includes the protection of personal data among the fundamental rights of the citizen. The text then becomes valid and part of the Constitution. It is included in the article dealing with individual and collective rights, a new section that says that "the right to protection of personal data, including in digital media, is ensured, under the terms of the law". The inclusion makes the protection of personal data a solid clause – which means that any change in this theme will have to be in the sense of expanding and protecting rights.
Another curious fact: users and customers do not differentiate between public and private companies when it comes to the data policy. A survey by the Capterra group sought to investigate whether people/users would feel more motivated to share data with private or public companies. The results between private and public companies had very little variation, which did not indicate that there was more confidence in one or another type of company.
The survey 'Biannual Report on Data Governance' by legaltech Seusdados found that in 2021 a 554% increase in demands for data protection solutions in the corporate market, a considerable leap compared to 2020.
“Not having permanent compliance with data protection among the top three priorities of your business plan for the next five years, is taking the risk of not taking an effective drug to cure a terminal illness” - Marcelo Fattori
According to a survey by the Global Digital Trust Insights Survey 2022, 83% of Brazilian companies predict growth in cybersecurity spending in 2022 - a higher percentage than the world's expectation which is around 70%. In addition, 36% of companies in Brazil are looking to increase their cyber budget by between 6% and 10%. Already 33% predict a rise of 15% or more. This reflects a shift in the corporate mindset in caring for data.
With the implementation of the LGPD, companies - even SMEs (see legislation update in 2022) need to comply with the use and treatment of their customers'/users' data. In the case of sensitive data, it is only possible to process it if it has the explicit consent of the owner of the information.
Knowing how to categorize and differentiate the handling and sensitivity of data types is crucial for compliance with the LGPD. To this end, an effective way is through the use of cybersecurity software and solutions, which enable compliance with current legislation, prevent leaks, and explain the necessary information to the consumer.
Book a 30-min call today and get a quick ‘check-up’ of your website, cookie consent banner, or your cookie policy from a data privacy expert.
Schedule a call to learn more
You can sign up for your free trial of our complete LGPD compliance solution .
