The General Data Protection Law (GDPL) was enacted on August 14, 2018 and was expected to enter into force in February 2020. However, Law 13,853/2019 postponed GDPL by six months, now starting to take place on August 15 next year.

Inspired by European regulation (GDPL), the law brings concepts such as: impact report on personal data protection, data processing, national authority and consent, controller, operator (Processor), Person in Charge (DPO), processing and anonymization agents are part of the new GDPL. The central objective is to enable the protection of information security.

According to Raphael Zaroni, founding partner of Zaroni Advogados, “the GDPL is the result of the strong discussion occasioned by the current worldwide technological development considering that all citizens have their data registered in some platform. Thus, GDPL results in the legalization and enforcement of companies’ use of customer personal information, as well as being used to unify the rules, regardless of the economy sector and to adapt the rules in Brazil for extraterritorial application due to the GDPL.”

Despite the forecast for February, the General Data Protection Law may change one more time. On October 30, Federal Deputy Carlos Bezerra (MDB/MT) filed Bill 5762/2019, which amends Law No. 13,709 (GDPL) to extend its date of entry to August 15, 2022, with the justification that Brazilian companies are not yet prepared for such law.