The last two years have been huge for data privacy regulations. The EU launched its General Data Protection Regulation in 2019. California’s CCPA took effect in January. And soon, another regulation comes into play: Brazil’s Lei Geral de Proteção de Dados Pessoais, or LGPD.
The first sweeping data protection ruleset in Latin America was scheduled to take effect on Aug. 15, though a substantial portion of the act has been delayed until May 2021.
In this post, we’ll break down what the LGPD means for B2B marketers – particularly those in the U.S. and Canada.
(A word of warning, first. We’re a marketing agency, not a law firm. If you’re concerned about your LGPD exposure, call your attorney.)
What Is the LGPD?
Think of the LGPD as Brazil’s answer to the EU’s GDPR. The act covers “collecting, handling, storing and sharing of personal data managed by organizations.”
Just like the GDPR, the LGPD provides individuals with rights associated with their data. And it allows for significant fines for noncompliance.
What Companies Does the LGPD Cover?
Any organization that does business in Brazil (or with its 210 million citizens) should think about the LGPD. If you process personal data of a Brazilian user, you need to abide by it.
There is no clear distinction between B2B and B2C companies, though there are exceptions for personal use and security.
If you don’t do business in Brazil, you’re probably in the clear. But that doesn’t mean you shouldn’t practice normal data hygiene.
What Rights Does the LGPD Grant?
The LGPD gives Brazilians a set of data rights similar to those of EU citizens. As of Aug. 15, they are entitled to:
- Access their data
- Confirm the processing of their data
- Fix incomplete, outdated or false data
- Delete excessive information
- Send data to other organizations upon request
- Delete their data
- Know with whom an organization has shared their data
- Be informed of consequences of denying consent
- Cancel or revoke their consent
There are definitely subtle differences, but the LGPD is basically the GDPR as far as B2B marketers are concerned.
What Penalties Does the LGPD Carry?
Each violation carries a fine of up to 2% of a company’s Brazilian revenue, to a maximum of roughly $13 million USD. Sanctions do not appear to be in the offing until August 2021.
How Do I Comply?
Just like the GDPR, there’s no magic statement you can put in your privacy policy to become “LGPD compliant.” It’s all about your data practices.
In other words, practice the “IKOP” method:
- Inform users how and why you’re collecting data
- Know where you keep personal data
- Let users opt out of any data collection, storage or use
- Have a plan to deal with consent cancellations or data breaches
LGPD compliance for B2B marketers comes down to basic data hygiene. Even if you don’t do business in Brazil, these best practices might steer you out of hot water someday.