* By Carla Prado Manso
The Senate approved Bill 1,179 / 20, which suggested postponing the General Data Protection Law (LGPD) due to the advances made by Covid-19, canceling the application of fines and other administrative sanctions, as of August 2021 - one year after the plan initially approved by the Federal Government.
However, this PL now goes for a new presidential sanction (or veto), after the remote session that took place on 05/19/2020, where the Senate rejected the Bill 1,179 / 20. It can be said that MP 959/2020 is currently in force, which provides for the postponement of the LGPD to 05/03/2021, but depends on approval by the National Congress for conversion into law and may undergo changes until eventual approval.
This postponement was certainly much celebrated by companies that had not made any adaptation to the LGPD and would do it in the nick of time. However, I believe that by postponing the term, we are going backwards in all areas, whether in the area of IT, health, economics and education. Extending the Law means leaving an obligation for companies to understand that the personal data in their databases cannot, in fact, be shared with third parties without consent.
Bringing it further into the scope of the information security market, there is currently an intensification in the flow of personal data with remote work. Many employees are working without the necessary security protections, such as antivirus and firewall, which facilitates the invasion of systems, the increase in electronic fraud, and consequently, the leakage of sensitive business and personal data.
Among the main arguments used for the postponement was the fact that companies would not have a budget to start or continue adapting to the Law due to the pandemic. However, as the proliferation of coronavirus is still happening without any concrete prospect of decline, it is difficult to imagine that budgets will resume their fullness between August 2020 and May 2021. In addition, companies that are really concerned with adapting - even if less than half of them - have already invested all efforts and values in this process and are practically 100% already prepared for the new work format.
With the decision, Brazil will continue with a low level of data protection compared to the international standard. This means that national companies will have more difficulties in maintaining and developing relationships with suppliers from other countries in the midst of the pandemic, in addition to decreasing the level of competitiveness and credibility of business with international companies.
From now on, the expectation is that this period of extension of the LGPD term will bring the possibility for companies that were still in the process of adapting to search for solutions in order to adapt as quickly as possible to the standard. The companies that were more advanced on the journey, on the other hand, should persist in their projects with even more effort, analyzing the best practices and tools made available by the market. In the end, the goal is to ensure that data privacy is viewed with the importance and seriousness that the topic requires.
* Carla Prado Manso, DPO and Lawyer at Compugraf
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
