Please Contact Europartner

Last News

Understanding VAT in Brazil – The Complete Guide

VAT in Brazil is a topic that requires full attention. Unlike many countries, the Brazilian tax burden is complex and requires preparation to deal with it. Therefore, in this article […]


The Brazilian segment of events has always been very attractive for Brazilian investors and foreigners who plan on establishing legal residence in Brazil. Music festivals, for example, create several jobs […]

New General Data Protection Law in Brazil- what changes?

Posted 17/08/2018

Last Tuesday, August 14, Brazilian President Michel Temer sanctioned the General Data Protection Law – GDPL- which regulates how personal data of Brazilians may be used by companies and public agencies.

The companies will have 18 months to comply with the new legislation, which goes into effect in February 2020.

The change was the subject of a lecture by attorney Fernando Santiago, data protection expert at the Chenut Oliveira Santiago office, presented last Monday (13) at the France-Brazil Chamber of Commerce, in São Paulo.

“We live in an age where data is a very valuable asset. Google, for example, has a business model based on following the citizens/consumers, detecting their choices and consumption habits, and profiting from that data. But any asset can turn out to be a liability, in the sense that an undue spill of data can be very costly for a company”, explained Santiago during the event.

With the new law, the oversight and sanctions that can be suffered by Brazilian companies become clearer, and even more stringent. According to the expert, although in Brazil the subject of data protection is new, in Europe it has been discussed since the 1970s. “The GDPL is very inspired by the GDPR (European Regulation of Protection of Personal Data“), he explains.

In Santiago’s view, the big issue in Brazil is a broad paradigm shift. “With the enactment of the new law, companies need more than ever to reflect on whether they need to actually collect and store certain data”, analyzes.

“One of the most delicate areas in companies is Human Resources, which usually stores medical records and other very detailed and sensitive information about employees. A data leak of this kind can do a lot of damage, so much care is needed in the treatment of this data”, he says.

What changes with the new law

Among the main changes brought with GDPL are:

– companies will no longer be able to collect personal data without the consent of the owners (consumers or employees), and will also be fully responsible for the security of this information

– in addition to having to consent, the data owner may also request the revocation of the authorization to use his information at any time

– the consumer may also request the portability of the data and require that his information be erased

– companies becomes responsible for data security that they collect, transmits, process and store

– company can be fined up to 2% of the billing or up to R$ 50 million for infraction

Europartner approves the new law

For Singrid Teixeira, responsible for the commercial department of Europartner and management of new partnerships, the new law is welcome because it helps to regulate relations between companies, their employees, clients and other third-parties.

“Europe is already more advanced in the data protection issue, but in Brazil this awareness has been growing. We see the law with good eyes because every citizen has the right to personal data protection, and now it will be easier for companies to know how to avoid leaks and to ensure the protection and correct treatment of the data, as well as to collect only the really relevant information for business”, she says.

Read more in our blog:

Software law: dispute between states and municipalities around taxes


Author's post: Europartner Accounting