Most Brazilian tech firms not compliant with data protection regulations

But the sector is faring better than other industries, according to data from the Brazilian Association of Software Companies.

Nearly two months after the general data protection regulations went live in Brazil, 56% of the companies in the technology sector still need to adjust to the rules, according to new data.

Despite the need for more than half of sector companies to catch up, tech companies in Brazil appear to be more prepared when the subject is data protection: the general average in terms of readiness in other industries is about 39%. The findings emerged in a survey carried out by the Brazilian Association of Software Companies (ABES) in partnership with EY.

The organizations created a an assessment tool to find out the level of preparedness of companies in relation to data protection and have been carrying out various surveys on the subject. More than 2050 companies took part in this latest research effort.

According to ABES president Rodolfo Fücher, compliance with established standards is essential for tech companies, which are influential for organizations of other sectors when it comes to data protection.

"We cannot debate strategies for the economic and social development of a nation without mentioning artificial intelligence, big data, blockchain, quantum computing and augmented reality, for example. Technology is present in all social spheres, so companies of the sector that do not comply with the data protection regulations can easily lose credibility", Fücher points out.

According to the survey, 70.3% of the technology companies surveyed carry collect confidential data and 30.9% have already suffered an incident relating to data violation in the last two years.

A previous survey, also carried out through the ABES/EY assessment tool in September 2020 with firms of various sectors, found  the majority of Brazilian companies still have incipient data protection strategies and this is not being prioritized by organizations.

Last month, Brazil saw the first lawsuit where the final ruling was based on the General Data Protection Regulations. The case involves Cyrela, one of the largest real estate companies in Brazil, and was initiated by a customer who bought property from the firm and successfully demonstrated that he had been harassed by various companies from the company's partner ecosystem, offering services ranging from loans to furniture and architecture services.

The board members of the body responsible for enforcing the rules, the National Data Protection Authority, were appointed in late October. The authority's president, Waldemar Gonçalves, said that the new body should "favor constructive engagement with responsible organizations, focusing on rewarding appropriate behavior, teaching, discussing and engaging actors, using sanctions only as a last resort."