Personal Data Protection is the topic that has occupied the conversations of many professionals. Many people think that this is a topic dealt with only by the Technology team. However, the in-depth analysis of the impacts that this protection will cause is lacking. We are not talking here about those famous four letters: LGPD. For it is not only about the LGPD. And the reason is evident: almost every company has customers and/or suppliers outside the Brazilian boundaries or that part of its infrastructure is abroad. This means that you should look at which countries are directly connected to your business. One example is GDPR, which is the European data protection law. It provides for the need for countries outside Europe that process personal data of European citizens to have a law equivalent to the GDPR in order to continue processing the data. If this does not happen, the fine of millions of euros will be applied to the European company that is related to your company. The question is, will it take that risk? Therefore, the LGPD should come into force in August 2020, being crucial for Brazilian companies and their international competitiveness. Therefore, bill 5762/2019 is a retrograde step for Brazil, since it wants to postpone the entry into force of the LGPD to August 2022, a law that protects a Fundamental Right. As an example, selling a product or service to a Brazilian with Italian citizenship will attract compliance with the LGPD and GDPR. If customers and/or suppliers transact in the United States, depending on the technology, they will have to adapt the company to the LGPD, the GDPR, and the Cloud Act, the US law on cloud data protection. The analyses do not stop there. If the service provider is an individual micro-entrepreneur (MEI), the CPF of the person who set it up is personal data. In other words, it will need differentiated treatment. After this brief reflection, it is clear that data protection permeates the entire company, requiring an in-depth analysis of the business, which must be carried out by a multidisciplinary team, composed of administrators, lawyers, and information security professionals. What is worrying is that countless companies have not yet begun to implement the necessary mechanisms to adhere to the law. And time does not stop. It is necessary to understand that leaving it to the last minute will mean not meeting the legal deadline, being subject to a fine, as well as losing business to companies that already comply with personal data protection laws.
Gustavo Martinelli is a lawyer, Partner at Allemand Consultoria e Advocacia Empresarial, certified by EXIN in Privacy and Data Protection, Specialist in Digital Law and Master in Law and Fundamental Guarantees. Site: http://www.allemand.adv.br .
Luiz Cláudio Allemand, Lawyer, Master in Law and Specialist in Tax Law. Site: http://www.allemand.adv.br .