On May 25, 2018 a new phase in the regulation of the protection of personal data of the European Union begins, with the entry into force of the so-called GDPR (General Data Protection Regulation).
As of that date, companies subject to GDPR that fail to comply with their terms may be subject to penalties up to € 20 million or 4% of the group’s annual global turnover, whichever the greater.
Any company that stores or processes personal data located in the European Economic Area or, being located in other regions of the world monitors behaviors or offers goods and services to individuals in the European Union, will be subject to the terms of the GDPR.
The macro objective of the new regulation is to ensure greater transparency in the use and storage of information of each citizen that companies and state bodies have and will have access to, as well as better inform and guarantee the rights of those who give out such information. In other words, to ensure greater control of each citizen over their personal data.
In order to determine whether your company here in Brazil is subject to GDPR, it is necessary to perform an analysis of the company’s operational features combined with the technologies used and to acknowledge how they are both linked to Europe.
We recommend that you consult your headquarter to confirm whether the group already has a specific orientation or policy regarding GDPR. If so, consider checking locally how to implement the policy in accordance with Brazilian laws.
Juliana G. Meyer Gottardi is partner at Pacheco Neto Sanden Teisseire Law Firm.
Patrícia Perinazzo C. Medeiros is associate at Pacheco Neto Sanden Teisseire Law Firm.