The General Data Protection Law (GDPL), in effect since 2020, brought profound changes in the treatment of personal data by companies and organizations in Brazil. Despite its importance, there are still companies that ignore or fail to comply with the requirements of the law, exposing oneself to severe administrative penalties, financial and even criminal
The objective of the LGPD is to ensure the privacy and security of information with respect to the rights of data subjects. Furthermore, she determines collection methods, storage, treatment and sharing of this data. “Those responsible for data processing who violate the LGPD may face administrative sanctions, such fines of up to 2% of revenue, limited to R$ 50 million per infraction, blocking or deletion of data, in addition to civil liability for damages caused to the holders, affirmsRafael Valentini, specialist in Criminal Law and partner at FVF Lawyers
In a fully digital era where information security and protection against data leaks, among other problems, became the differentiator of companies, corporations needed to comply with the LGPD in various ways. Business ethics, social responsibility, client-supplier partnership, responsible investor, among other topics began to appear in board meetings, CEOs and board of directors. After all, companies that adopt good practices in privacy and data protection gain a competitive advantage and are better prepared to deal with potential cyber incidents
But what if a certain company does not comply with the law and, as a consequence,may have committed a crime? “Although the LGPD does not directly foresee criminal sanctions, violations involving crimes, as fraud or misuse of data, they can carry criminal liability based on other laws, how the Penal Code and the Cyber Crimes Law, reinforces the specialist. A form of shielding, within the LGPD is the adoption of an efficient data governance policy, the implementation of information security technologies, among others
