Brazilian data protection body pledges to enforce "responsive regulation"

The National Data Protection Authority reassures organizations that its actions will be geared towards dialogue.
Written by Angelica Mari, Contributing Writer

As sanctions for non-compliance with data protection regulations come into force, Brazil's National Data Protection Authority (ANPD) has pledged to adopt a responsive approach towards organizations failing to comply with the new rules.

From August 1, Brazilian organizations processing sensitive data are subject to fines and other administrative sanctions in cases of violation of the General Data Protection Law (LGPD) rules.

Brazil's data protection regulations were introduced in September 2020. At the time, it was determined that organizations would have until August 2021 to adapt to the new rules, despite attempts to push the sanctions to 2022. The board members of the body responsible for enforcing the regulations, the National Data Protection Authority (ANPD), were appointed in October 2020.

The risk of fines, which can reach up to 50 million reais (US$ 9.6 million) daily, has been particularly concerning to public and private sector organizations that have so far failed to comply with the rules. On the other hand, local trade bodies representing the technology sector support the dialogue-based approach prior to the application of sanctions adopted by the ANPD.

During an event held by the Brazilian Association of Information Technology and Communication Companies (Brasscom) last Thursday (29) on the topic of rights to data protection, Waldemar Ortunho Junior, president at ANPD, sought to reassure organizations:

"Don't expect the ANPD to knock on your door with a penalty notebook," Ortunho said during the event, adding that the data protection body will aim to talk to companies when it receives notifications and gather all the information relevant to a case in point prior to deciding on any measures.

"It is much easier to apply a fine and then move to the legal sphere. This [process is laborious, but by observing other regulatory agencies, we concluded that the effect of a responsive regulation is much more positive", the ANPD director noted.

The president at Brasscom, Sergio Paulo Gallindo, welcomed the ANPD approach: "This direction is in line with the expectations of companies and civil society that [ANPD] will prioritize its efforts in responsive and guiding activity, promoting the dissemination of a culture of privacy and the adoption of best practices".

According to a study onboard attitudes in relation to the data protection regulations carried out in the first half of 2021, 40% of organizations polled said they would not be fully compliant with the rules by the time sanctions were enforced.

According to a separate report, Brazilians are concerned about the security of their data despite knowing that companies they interact with keep some type of information about their consumption and leisure habits.

Some 92% of the users of digital services polled by Datafolha Institute on behalf of Mastercard said they are aware companies retain their information to some degree. However, on a scale of 1 to 10, where 10 is "very secure", 5.1 is the average score given to how secure respondents feel their information is in digital environments.

Editorial standards