Data protection has become a leading issue across the globe. The UK introduced new GDPR regulations in 2017 in a bid to protect consumer data. It hasn’t been the only country to focus on tightening up its data protection policies, however. Brazil has also stepped in to protect its citizens, creating GDPL regulations that were introduced in 2018.
Now, the country is set to become the regional leader in data privacy. So, what is the GDPL and how does it compare to the UK’s GDPR?
Understanding Brazil’s GDPL regulations
GDPL is short for General Data Protection Law and it’s Brazil’s answer to the GDPR. It’s not due to come into effect until 2020, giving businesses plenty of opportunity to make necessary adjustments.
Under the new rules, companies can be fined up to 2% of their previous year’s profits. Its aim is to protect the citizens of Brazil, and all countries will need to adhere to the laws if they collect or monitor data on Brazilian citizens. The Brazilian president has made some amendments to the original proposals. He vetoed three different provisions, including setting up an independent data protection authority.
As highlighted by RSM, the GDPL comes after the GDPR was introduced. It shares a lot of similarities to the GDPR, including a consumer right to be forgotten, as well as to access their information. Companies are also expected to notify of any data breaches, and it has cross-border jurisdiction.
How does it differ to GDPR?
While there are some similarities to GDPR, there are also some notable differences. The UK’s policy provides six legal bases for processing data, whereas the GDPL provides ten.
The fines are also slightly lower if a company is found to breach the legislation. In the UK’s GDPR, companies can be fined up to 4% of their annual takings, whereas with GDPL, the rate is set at 2%. The GDPL also provides a shorter timeframe for businesses to report a data breach.
How do other countries match up?
There’s no doubt Brazil’s new data protection laws make it a leader in the region. Although it isn’t quite as strict as the UK’s GDPR, it’s still miles ahead of many other countries.
Argentina already has a Personal Data Protection Act introduced in 2000. It states that data is only allowed to be collected if the individual has given their consent. The country is now currently drafting a new data protection bill which is thought to closely mirror the GDPR.
Australia on the other hand is lagging behind. Its Privacy Act was developed in 1988 and has remained pretty much untouched since then. It does have additional privacy laws, though they certainly aren’t as extensive as the GDPR and GDPL.
Overall, Brazil’s new GDPL regulations are set to drastically improve data protection in the country. As it stands, the country is leading the way in Latin America. However, it’s likely that more countries will follow suit given the success of GDPR and Brazil’s new stricter guidelines.
