Thais Cordero
Lawyer at Marcos Martins Advogados
One of the biggest legal milestones in Brazil in 2021 was the entry into force of the administrative sanctions of the General Personal Data Protection Law (Law 13.709, of 2018), on August 1st. Since that date, both natural and legal persons who do not process data in accordance with the rules set out in the legislation have been subject to warnings, fines and even partial or total prohibition of the exercise of activities related to data processing.
Even so, Brazil was the sixth country most affected by data leaks in 2021. From January to November alone, 24.2 million profiles belonging to Brazilian users had their information exposed through attacks or breaches in systems. Despite this, the volume of incidents fell by 31%, according to data from Dutch consultancy Surfshark. The country with the record is the United States, with 212.4 million accounts hit by criminals.
The figures are already a reflection of the relevance that the issue is gaining in Brazil. According to a survey carried out by RD Station in partnership with Manar Soluções, 69% of companies are in the process of building customer data protection policies. This represents a major step forward in the maturity of Brazilian companies in terms of compliance with the law.
The main benefit of these investments is security – but that’s not all. Companies that are concerned about handling data properly, monitoring information among all their stakeholders and giving visibility to the way data is handled, tend not only to mitigate incidents but also to reduce operational risks and even increase their visibility to receive investments, whether national or even international.
Complying with the LGPD means having a stricter compliance policy, which is no longer a differentiator but the rule in the market. Companies that adopt such measures convey much more credibility and trust to customers, employees, shareholders and investors, as they demonstrate their concern for complying with the law and being transparent when handling the data entrusted to them.
The evolution of clear LGPD policies are due diligence processes, which comprise a set of investigative acts that must be carried out mainly at times of important transactions, such as mergers and acquisitions (M&A), or even for investment contributions. This procedure is a detailed investigation into the legal and economic context of a company, mapping out possible risks, fraud, corruption, money laundering, among others.
According to data from the Mergers & Acquisitions survey, 1,362 M&A transactions were carried out from January to November 2021. This figure represents R$526.7 billion in investments – an increase of 132.6% compared to the same period last year, reinforcing the theory of how much the LGPD has positively impacted legal certainty in our country.
In short, due diligence functions as an evolution of the LGPD, verifying that the policies developed are, in fact, being implemented. In addition, as technology is constantly and rapidly developing, these policies need to be revisited frequently in order to minimize risks and promote continuous improvements. The world is constantly changing, and closely monitoring these changes along with what is being developed by the company is fundamental to ensuring the health of the business. Anyone who doesn’t comply with compliance guidelines will certainly be left behind in 2022.
About the author:
Thais Cordero is a lawyer and head of the corporate area at Marcos Martins Advogados.
Read also: Lawyer explains how days off on January 25 work due to the anticipation of public holidays