Anyway, all this seems very far away from the Brazilians reality and detached from our environment of worries, however, this is not true because of many factors and reasons.
The first reason is very simple, if you use any online service you should receive, in a short time, a lot of emails about changing terms of use and privacy policy, that means…how you interact with these services has changed a lot, even if you have not noticed. But what are the effects for you as a service provider and as a professional?
The GDPR directly impacts business and service relations between companies, through a very intelligent mechanism. Law, in general, is restricted to the territory, ie a law of a country can only be applied in its territory, if you are outside this area can not be penalized, what we call the principle of territoriality. It would then suffice for companies to leave the territory of the European Union to evade law enforcement, which would lose its purpose.
Given this scenario, the GDPR was built to be applied worldwide, so imagine that a European company hired a Brazilian company and that Brazilian company violates the GDPR, in this case the European authority will not fine and penalize the Brazilian company ( to be out of its territory), but will penalize the European company because a company that it contracted violated the law. Therefore, the European company, as contractor, has the obligation to ensure that the entire chain that has access to the data complies with the GDPR.
In doing so, the European Union guarantees that the GDPR will be fulfilled, even outside its territory, so in a way the GDPR has become a “global” legislation, since anyone who has access to data of any citizen, companies and / or European governments are subject to it, eg subsidiaries of European multinationals, various service providers (marketing agencies, etc…) are all subject to such legislation.
In summary, even though it is apparently invisible, the GDPR directly impacts the lives of most Brazilians, not to mention a “detail”, a few months after GDPR approval, a very similar Brazilian legislation was created, the LGPD – General Law of Data Protection.
Having said all this, the Brazilian legislation (LGPD) will come into force in February 2020, and most companies are not yet aware of this fact and little prepared to adapt, thus exposing themselves to strict financial risks and fines in case of noncompliance , everything in order to “force” the market to be more zealous and judicious with the data it has, after all the privacy of data owners will depend on the quality of security, the control made by agents who store and collect personal data.
Lawyer Author of the Comment: Luciano Del Monaco