By: Leonardo Neri.

A priori, It is worth noting that the emergence of the LGPD, or General Data Protection Law, was created in mid-2018 with the aim of securitizing the issue of national privacy, generating rules that protect the right to privacy within the constitutional scope. It is worth mentioning that the narrative seeks to limit the interpretative form of what could and what should not be done with the data collected and disclosed in society, legally separating companies that correctly respond to these fundamental rights of citizens from companies that fail in this regard, punishing them. 

After the presentation of this initial reality check, the LGPD has been moving towards the initiation of a second application force, directly impacting those who work with it.  

The ANPD, or National Data Protection Authority, will begin applying the LGPD later this year, which is estimated to be by October.   

It is important to emphasize that, in order to help raise public awareness, the Law with fines in force since August 1, 2021, remained inert regarding sanctions and application of penalty calculation, even though its Authority has regulated administrative issues, with inspections and investigations. 

Historically, in the last 4 (four) years, countless companies have sought to outline the legal form in terms of personal data, following a path with the beginning of the LGPD, initiating actions and investments that, today, have generated satisfactory returns, not only financially, but also in a way that leverages the company's name.  

However, like every 'currency', there are two sides, several other companies believed that contractual clauses, encryption or confidentiality agreements would be enough, which ended up making it an unprepared and improvised attitude, since the addition of these mechanisms was done out of the simple guesswork of covering up major media leaks, escaping severe punishments. 

Even so, the LGPD is seen by many as an obstacle, the fact is that, contrary to what they think, the standard does not have the intention of guaranteeing the non-existence of incidents against privacy, since, if it were so, the insertion of a simple text would solve the biggest problems. 

However, actions like this are in fact impossible, since the scope of the LGPD is seen as abstract, after all, there is no environment (neither physical nor digital) that is leak-proof. However, the real purpose of the legislation is to seek political governance of privacy in all spheres, with the desire to reduce risks. 

It is understood that for something to really be adopted and continue with good development, it is necessary that some form of sanction, which, in the case of the LGPD, is the motivating pillar for companies to adapt the Law. It is worth mentioning that many of these fines may even financially exceed the impacts caused to the violator of the obligations, and are in fact dangerous for the companies. Example: Individual or collective compensation; termination of contracts; partial or total cessation of operations; or even reputational impact.  

Finally, the application of fines in October will bring the collective and financial society a more mature way of acting in relation to privacy throughout the national territory, thus generating the true impact of the norm. Making fines reach those who have not yet adapted, allowing the extinction of the sanction for those who comply and even reducing it for those who fail to comply with part of the Law, as well as increasing it for those who paid little attention. 

Source: https://canalmynews.com.br/brasil/a-conta-por-favor-a-hora-da-verdade-para-a-lgpd/ 

With the collaboration of Barbara Gomes and Pedro Sobolewski.