In August 2024, the General Data Protection Law (LGPD) completes six years since its enactment in Brazil. Since its entry into force, the LGPD brought a series of significant changes for companies, institutions and citizens, redefining the way personal data is collected, stored and processed in the country. In this article, we explore the main impacts and challenges faced over these six years
Origin and Objectives of the LGPD
Inspired by the General Data Protection Regulation (GDPR) of the European Union, the LGPD (Law No. 13.709/2018) foi sancionada em 14 de agosto de 2018 e entrou em vigor em setembro de 2020. Its main objective is to protect fundamental rights of freedom and privacy, in addition to ensuring the protection of personal data. The law establishes clear guidelines on how data can be collected, treated and shared, imposing obligations on both the public and private sectors
Positive Impacts of the LGPD
1. Greater Transparency and Control
One of the greatest advances brought by the LGPD is the increase in transparency and control that individuals have over their personal data. Companies are required to clearly inform how the data will be used and obtain explicit consent from the data subjects. This strengthens the trust between consumers and companies, promoting a more ethical and transparent business environment
2. Improvement in Information Security
The LGPD encouraged organizations to adopt better information security practices to protect personal data against unauthorized access, leaks and other threats. The implementation of appropriate technical and administrative measures has become essential to avoid penalties and damage to reputation
3. Promotion of Privacy Culture
The law also contributed to the creation of a privacy culture in Brazil. Companies of all sizes and sectors have started to invest in training and development for their employees, aiming to ensure compliance with the regulations and the protection of personal data
Challenges Faced
1. Suitability and Compliance
Compliance with the LGPD represented a significant challenge for many organizations, especially for those that did not have a robust data governance structure. The need to review processes, policies and systems required financial and time investments, what was particularly challenging for small and medium enterprises
2. Enforcement and Application of the Law
The National Data Protection Authority (NDPA), responsible for overseeing and ensuring compliance with the LGPD, faced challenges in terms of structure and resources. The capacity for oversight and the application of sanctions is still a point in evolution, and there is a continuous expectation for a more assertive action from the ANPD
3. Awareness and Education
Despite the advances, awareness of the importance of personal data protection still needs to be expanded. Many citizens and small businesses are still unaware of their rights and obligations under the LGPD, what can hinder the full implementation of the law
Future Perspectives
With the LGPD established as an essential regulatory framework for data protection in Brazil, the future points to a continuous evolution. The ANPD should intensify its inspection and guidance actions, while companies will continue to improve their data governance practices. Furthermore, the legislation may undergo adjustments and updates to keep up with technological and social changes
Conclusion
Six years after its enactment, the LGPD brought significant advances for the protection of personal data in Brazil, promoting greater transparency, security and a culture of privacy. However, challenges persist, especially in terms of suitability, supervision and awareness. As society and technology evolve, the LGPD will continue to play a crucial role in ensuring citizens' rights and promoting a safer and more ethical business environment
