Data protection fines could be pushed to 2022 in Brazil

The challenges imposed by the Covid-19 pandemic on businesses form the main argument of a new bill

A bill has been put forward to propose the postponement of the enforcement of fines for non-compliance with data protection regulations in Brazil.

The country's General Data Protection Law (LGPD, in the Portuguese acronym) came into force in September 2020, with sanctions for non-compliance ranging from warnings to daily fines of up to 50 million reais (US$ 9 million), in addition to a partial or total suspension of activities related to data processing.

The sanctions will be applicable from August 2021 by the newly-formed National Data Protection Authority, and the bill put forward on Friday (18) proposes to postpone the penalties to January 2022. The challenges imposed by the Covid-19 pandemic are the main argument of congressman Eduardo Bismarck, who authored the bill, noting that the novel coronavirus is a major barrier for compliance.

Bismarck noted that delaying the financial sanctions is needed in order to avoid "burdening companies in the face of the enormous difficulties arising from the pandemic".

"We cannot expect that all the companies working with data processing will have managed to adapt to the norms foreseen in the LGPD by August 2021, since they do not even have the economic conditions to stay afloat amid this chaotic scenario of world crisis", the congressman pointed out.

The bill follows the emergence of two major data protection scandals in 2021: the exposure of personal data of over 220 million citizens in January, and a leak discovered earlier this month, which exposed over 102 million mobile phone accounts.

Most Brazilian companies have not increased their investments in information and cyber security since the Covid-19 pandemic emerged despite an increase in threats, according to a study by Marsh and Microsoft on perceptions of cybersecurity risk in Latin America since the start of the crisis.

Despite the increase in security threats, 56% of the Brazilian companies polled currently invest 10% or less of their IT budget in cybersecurity. According to the study, 52% of Brazilian organizations said investment in security has not changed since the start of the pandemic.