The General Data Protection Law (LGPD), in effect since 2020, brought about profound changes in the handling of personal data by companies and organizations in Brazil. Despite its importance, there are still companies that ignore or fail to comply with legal requirements, exposing themselves to severe administrative, financial, and even criminal penalties.
The goal of the LGPD is to ensure the privacy and security of information while respecting the rights of data subjects. Furthermore, it determines methods of collection, storage, processing, and sharing of these data.“Data controllers who fail to comply with the LGPD may face administrative sanctions, such as fines of up to 2% of revenue, limited to R$50 million per violation, blocking or deletion of data, in addition to civil liability for damages caused to data subjects.”, saysRafael Valentini, specialist in Criminal Law and partner at FVF Advogados.
In a fully digital era where information security and data leak protection, among other issues, have become the company's differentiators, corporations had to adhere to the LGPD through various means. Business ethics, social responsibility, client-supplier partnership, responsible investor, among other topics, have begun to appear in board meetings, CEOs, and management. After all, companies that adopt good practices in privacy and data protection gain a competitive advantage and are better prepared to handle potential cyber incidents.
But what if a certain company does not comply with the law and, as a consequence, may have committed a crime?“Although the LGPD does not directly provide for criminal sanctions, violations involving crimes, such as fraud or misuse of data, may lead to criminal liability under other laws, such as the Penal Code and the Cybercrimes Law.”strengthens the specialist. One form of shielding within the LGPD is the adoption of an effective data governance policy, the implementation of information security technologies, among others.
