The General Data Protection Law (LGPD), in effect since 2020, has brought profound changes to the way companies and organizations handle personal data in Brazil. Despite its importance, there are still companies that ignore or fail to comply with the law's requirements, exposing themselves to severe administrative, financial, and even criminal penalties.
The goal of the LGPD is to guarantee the privacy and security of information while respecting the rights of data subjects. It also establishes methods for collecting, storing, processing, and sharing personal data. “Those responsible for data processing who fail to comply with the LGPD may face administrative sanctions, such as fines of up to 2% of revenue, limited to R$ 50 million per infraction, data blocking or deletion, as well as civil liability for damages caused to data subjects,” states Rafael Valentini, a specialist in Criminal Law and partner at FVF Advogados.
In a fully digital age where information security and protection against data leaks, among other issues, have become key differentiators for companies, corporations have had to comply with the LGPD in various ways. Business ethics, social responsibility, client-supplier partnerships, responsible investors, and other topics have become prominent in board meetings, CEO meetings, and executive meetings. After all, companies that adopt good practices in privacy and data protection gain a competitive advantage and are better prepared to deal with potential cyber incidents.
But what happens when a company fails to comply with the law and, consequently, may have committed a crime? “Although the LGPD (Brazilian General Data Protection Law) does not directly provide for criminal sanctions, violations involving crimes, such as fraud or misuse of data, can lead to criminal liability based on other laws, such as the Penal Code and the Cybercrime Law,” emphasizes the expert. Ways to protect against this, within the LGPD, include adopting an efficient data governance policy and implementing information security technologies, among other measures.

