Already pushed back once, the Brazilian General Data Protection Law, Lei Geral de Proteção de Dados Pessoais (LGPD), was scheduled to go into effect on August 16, 2020. Yet, there have been separate government actions in Brazil that may push both the effective date and the date after which enforcements under the LGPD can begin:
Effective Date Currently August 26, 2020 (Yet, Possibly as Early as August 16, 2020, or Delayed to May 3, 2021). There is a lot of confusion, but simply there are three scenarios that will determine the LGPD effective date:
- Original Date – August 16, 2020. The LGPD was to become effective August 16, 2020.
- Proposed Extension Date – May 3, 2021. Brazil’s president enacted a temporary executive order, Executive Order No. 959 (MP 959), pushing the effective date of LGPD to May 3, 2021. However, the order becomes definitive law only if the National Congress converts it into law by August 26, 2020.
- What You Need to Know – Possible Effective Date – August 26, 2020 (or Earlier, up to August 16, 2020). If the Executive Order is not converted into law, amended or extended on or before August 26, 2020, the order lapses, and the LGPD immediately becomes effective on August 26, 2020, or possibly earlier—between August 16, 2020 (the original effective date) and August 25, 2020—if Brazil’s Congress rejects the Executive Order.
Enforcements Delayed to August 1, 2021. Taking a page out of the California Legislature that separated the effective and enforcement dates of CCPA, in June 2020, the Brazilian Congress issued Law No. 14.010/2020 that postponed the effectiveness of the administrative penalties and enforcements under the LGPD (Articles 52 to 54) until August 1, 2021.
Actions to Take Now
Companies that (i) collect or process personal data in Brazil or from individuals located in Brazil or (ii) offer or provide goods or services in Brazil, are subject to the LGPD and have been taking the following actions to prepare for compliance: