As we’ve written about previously, Brazil’s new General Personal Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”) is now in effect and companies doing business in the country need to make efforts to comply with its data privacy provisions. At least one company in the country is finding out the hard way just how expensive noncompliance could be.
On September 21, 2020, only three days after LGPD’s enforcement date, the first lawsuit was filed against a digital services company based in the state of Minas Gerais. According to the complaint, the defendant company processes and sells the personal data of 500,000 São Paulo residents, including their names, email addresses, phone numbers and home addresses. The defendant company allegedly segmented personal data, such as data from medical doctors, accountants, nurses, and other professions, from specific states of Brazil and sold that data to its customers.
The regulatory authority enforcing LGPD int his case, the Public Ministry of the Federal District and Territories (“MPDFT”), sought a preliminary injunction seeking to force the company to refrain from disclosing the personal data of those individuals whose data has been collected until Brazilian courts can hear the case. The injunction includes a request to freeze the website domain used to sell the information
LGPD is here, and with the actions of the MPDFT it appears that the LGPD will have teeth in its enforcement. It is imperative that companies with Brazilian operations take the necessary steps to adequately protect data and ensure LGPD compliance, as this action may serve as an encouragement for Brazilian regulators enforce data privacy rights provided for by LGPD.
Clym provides a cost-effective, scalable and flexible platform to comply with LGPD, CCPA, GDPR, and other laws as they come online. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.