- Originally approved in 2018, the LGPD was expected to take effect on August 14;
- In April, Bolsonaro issued a Provisional Measure that provided, among other things, for the creation of the COVID-19 emergency aid and the postponement of the LGPD law to May 2021;
- Now, the LGPD comes into effect immediately, also requiring that the National Data Protection Authority (ANPD), responsible for applying the sanctions of the new law, be created soon.
The General Law on Protection of Personal Data (LGPD), Brazil’s version of GDPR, which regulates the use of personal data of customers and users by state and private companies in Brazil, will enter into force as soon as signed by President Jair Bolsonaro.
This Wednesday, the Brazilian Senate reversed the Lower House‘ decision of the previous day and voted unanimously to remove Article 4 from the text of the Provisional Measure 959/2020, which postponed the LGPD to December this year.
The penalties, however, remain postponed, to August 2021, as approved in the law 14.010, of 2020. The same law provides for the installation of a National Data Protection Authority (ANPD), which will be responsible for conducting the regulation of a series of points foreseen in the law and apply the sanctions to entities and companies that deal with data in the country.
Originally approved in 2018, the LGPD was expected to take effect on August 14. In April, Bolsonaro issued an MP that provided, among other things, for the creation of the COVID-19 emergency aid and the postponement of the LGPD law to May 2021. Now, with the immediate entry into force of the law, experts expect the ANPD will finally be created.