Brazil: Brazilian Data Protection Law Comes Into Force
Not long after the EU’s General Data Privacy Protection Regulation (GDPR) came into force, the Brazil president sanctioned bill PLC 53/2018 (Brazilian Data Protection Law, or the Bill), which regulates the protection, collection and processing of personal information by both private companies and public authorities.
Similar to the GDPR, the Brazilian Data Protection Law specifies how personal data should be handled, especially through digital platforms. The Bill provides that individuals can review, correct and delete their data and that no personal data can be used in any way without the prior consent of the individual data subjects. Moreover, companies now have to appoint a privacy officer and conduct regular Privacy Impact Assessments to comply. In cases of data breach, both Brazil’s data protection authority and those affected should be notified.
Like the GDPR, the Brazilian Data Protection Law will have an extraterritorial impact, meaning that it will apply to companies that process data pertaining to Brazil-domiciled individuals.