New European Regulations became effective and created accountable liabilities for Brazilian companies
Last Friday (05/25) became effective the new European Data Protection Regulation (GDPR), which aims to protect European consumers and users’ data privacy through the adoption of new rules related to their security, protection and processing.
The regulation consists in a series of provisions that must be adopted by companies of any size and in any geography, that collect or processes personal data of individuals that reside or are within the EU, even if they are cost-free, web/internet provided or if the data is processed outside European territory.
In this context, GDPR rules will also be applicable to companies that have their headquarters or branches in other countries, that shall be subject to those rules and their sanctions even though they do not carry activities within Europe.
Aiming to offer significant protection to the user, GDPR has the core objective of providing ownership of the personal data to the individuals, particularly in regards to those that are sensitive. In this sense, from the wide range of obligations applicable to those companies, those related to the particular needs of transparency and specificities related to the consent in order to collect and process data as well as for the need for the adoption of procedures to allow individuals to exercise the ownership of their data (right to be forgotten, transference of data and requests to receive reports on which data has been processed).
Companies that fail to comply with the rules will be penalized for infringements that could result in fines up to €10 million or 2% of the overall turnover of the company when the fines are lighter and could reach €20 million or 4% of the company’s overall turnover (whichever is greater) when they are harder.
Considering the above, Brazilian companies that serve the European market, either directly or indirectly (as processors) should look for specialized professionals assistance in order to comply with the GDPR, reinforce internal procedures security, and avoid regulatory authorities questioning.
Manucci Advogados team is available for any further information and assistance that is eventually required in regards to this subject.