Compliance with the new General Data Protection Law is not yet a reality for the vast majority of companies in Brazil. A study of 192 companies, conducted by ICTS Protiviti, a risk management and compliance consultancy, showed that 84% of them still lack a clear guideline regarding compliance with the LGPD.

Amid the coronavirus pandemic, the LGPD (Brazilian General Data Protection Law) began its implementation. validity extended for January 1, 2021. However, ICTS research shows that companies are not using this extension to invest in compliance, but are postponing these measures, which could bring risks. 

“There are several points to consider, including the legal uncertainty in the processing of personal data, the increase in procedures for international data transactions, which reduces the operational efficiency of companies, and also possible harm to citizens due to data leaks, without any compensatory measures,” says André Cilurzo, LGPD specialist and associate director of ICTS Protiviti.

Although several companies demonstrate that they have some mechanisms in place to comply with the LGPD (Brazilian General Data Protection Law), they still lack the focus, maturity, and operational efficiency to deal with the law. According to the study, only 12,5% ​​say they have protective measures to prevent the risk of personal data leaks. Only 17% of companies report that personal data is processed by third parties and suppliers. And what is most concerning is that only a quarter of the total companies analyzed have a training program for their employees and third parties.

“With the current public calamity situation, companies are prioritizing their cash flow to at least keep their payroll up to date and have the breathing room to return to activities when this “hurricane” passes. The government is no different. However, postponing the start of the LGPD's (Brazilian General Data Protection Law) enforcement, even by four months, will put Brazil even further behind developed countries and some Latin American peers, as well as allow companies to evade the adjustments required by the new law, exposing clients, employees, and Brazilian citizens to the risks of improper data processing and information leaks,” André Cilurzo.

If you haven't adapted yet, find out what you need sabout the LGPD to avoid its penalties.