The General Data Protection Law and The Coronavirus

After many comings and goings, the General Data Protection Law (GDPL) is expected to come into force in August/2020.

However, at the end of last year, the Bill of Law (BL) 5,762/19 was presented before the House of Representatives, proposing the postponement of the entry into force of the GDPL for August/2022.

One of the main reasons for BL 5,762/19 is that, so far, the National Data Protection Agency (NDPA) – a regulatory body to be implemented by the Government – has not been created.

It is important to remember that, for two years, the market and society have lived the expectation of the entry into force of the GDPL in the country. The rule is already delayed in relation to the world scenario: when approved in Brazil, the General Data Protection Regulation was in force, since May 25, 2018, for all members of the European Union.

Thus, the question that remains is: in the current scenario of coronavirus and Brazil’s delay in relation to other countries, is it possible to extend the entry into force of the GDPL?

For now, we understand that the priority of the Executive and Legislative Powers, in the coming weeks, will be the fight against Covid-19 and its economic and social implications.

However, as soon as these policies are discussed, the creation and structuring of the NDPA must go forward, because although we live in an exceptional situation with the coronavirus pandemic, postponing the entry into force of the GDPL can cause even greater economic impacts for the country.

Signaling to investors that the country is moving towards regulating the adoption of good practices, already observed worldwide, turns it into a potential beneficiary of investments. Otherwise, we will pass a negative image abroad, which may further delay investments in the country.

It is important to remember that, due to the coronavirus pandemic, many companies are adopting the home office system to continue providing services, which makes it difficult to observe and implement compliance programs, which depend a lot on on-site work and on data verification and mapping.

In this context, it is important that an effective policy is adopted to adapt systems and remote control access to the corporate network. In addition, it is extremely important to train and guide the teams that will work in home office so that they work with discipline and responsibility.

Thus, our recommendation is for companies to take several precautions to protect the data of their employees, customers, suppliers, in addition to the data of the companies themselves.

As a result, we believe that the issue is urgent and must be addressed, so that we can adapt to good practices in terms of data protection.

Our Labor Team remains at your disposal to clarify any doubts.