In August 2024, the General Data Protection Law (LGPD) completes six years since its promulgation in Brazil. Since its enforcement, the LGPD has brought significant changes to companies, institutions, and citizens, redefining the way personal data is collected, stored, and processed in the country. In this article, we explore the main impacts and challenges faced over these six years.
Origin and Objectives of LGPD
Inspired by the General Data Protection Regulation (GDPR) of the European Union, the LGPD (Law No. 13,709/2018) was sanctioned on August 14, 2018, and came into effect in September 2020. Its main objective is to protect fundamental rights of freedom and privacy, as well as to ensure the protection of personal data. The law establishes clear guidelines on how data can be collected, processed, and shared, imposing obligations on both the public and private sector.
Positive Impacts of LGPD
1. Greater Transparency and Control
One of the greatest advancements brought by the LGPD is the increase in transparency and control that individuals have over their personal data. Companies are required to clearly inform how data will be used and obtain explicit consent from the data subjects. This strengthens trust between consumers and companies, promoting a more ethical and transparent business environment.
2. Improvement in Information Security
The LGPD encouraged organizations to adopt better information security practices to protect personal data against unauthorized access, leaks, and other threats. The implementation of suitable technical and administrative measures has become essential to avoid penalties and reputation damage.
3. Fostering a Culture of Privacy
The law also contributed to the creation of a privacy culture in Brazil. Companies of all sizes and sectors started investing in training and capacity building for their employees, aiming to ensure compliance with regulations and the protection of personal data.
Challenges Faced
1. Adaptation and Compliance
Adapting to the LGPD represented a significant challenge for many organizations, especially those without a robust data governance structure. The need to review processes, policies, and systems required financial and time investments, which was particularly challenging for small and medium-sized enterprises.
2. Oversight and Law Enforcement
The National Data Protection Authority (ANPD), responsible for overseeing and ensuring compliance with the LGPD, faced challenges in terms of structure and resources. The ability to oversee and enforce sanctions is still an area evolving, and there is a continuous expectation for a more assertive role from the ANPD.
3. Awareness and Education
Despite advances, awareness of the importance of protecting personal data still needs to be expanded. Many citizens and small businesses are still unaware of their rights and obligations under the LGPD, which can hinder the full implementation of the law.
Future Perspectives
With the LGPD established as a key regulatory milestone for data protection in Brazil, the future points towards continuous evolution. The ANPD should intensify its monitoring and guidance actions, while companies will continue to improve their data governance practices. Additionally, the legislation may undergo adjustments and updates to keep up with technological and social changes.
Conclusion
Six years after its promulgation, the LGPD has brought significant advancements to the protection of personal data in Brazil, promoting greater transparency, security, and a culture of privacy. However, challenges persist, especially in terms of compliance, monitoring, and awareness. As society and technology evolve, the LGPD will continue to play a crucial role in ensuring citizens’ rights and promoting a safer and ethical business environment.
