The European Commission has confirmed Brazil provides a GDPR-adequate level of data protection in a decision that is anticipated to benefit the country’s economy.

Amid the various transformations experienced in the digital landscape, over the past month the article series “Digital Law in Brazil - Current Hot Topics”, written by different professionals from the firm Montaury Pimenta, Machado & Vieira de Mello, has sought to map the issues that have most mobilized legislators, courts, regulators, and legal practitioners in the field of Digital Law.

Deste a entrada em vigor da Lei Geral de Proteção de Dados – LGPD, muito tem se debatido a respeito das incertezas regulatórias que orbitam o universo da regulação do tema perante as microempresas, empresas de pequeno porte e startups. Dentre as inúmeras indefinições, uma em especial tem tirado o sono da maioria dos empreendedores: a obrigatoriedade de indicação de um Encarregado/DPO (Data Protection Officer, conforme previsto no Regulamento Geral de Proteção de Dados da União Europeia – GDPR).

Under the Brazilian General Data Protection Law (LGPD), the Privacy Policy plays a central role in operationalizing the principles of transparency, purpose limitation, and accountability established in Article 6 of the law. Far from being a mere formality or a copy-and-paste document, as many organizations still rely on, the Privacy Policy is one of the primary instruments through which controllers demonstrate compliance to both data subjects and regulators..

A Practice Note providing a high-level overview of key records retention requirements relating to personal data in Brazil. It addresses governing laws, authority guidance, and sectorspecific requirements. This Practice Note does not address every records retention obligation under Brazilian laws.