The Provisional Measure nº 869 issued this Friday (12/28/2018), by president Temer created the Brazilian National Authority for Data Protection (NADP), which will be responsible for supervising the application of the newly enacted Brazilian General Personal Data Protection Law (GDPL). The entity will be linked to the executive branch.
The NADP creation was initially vetoed by the Government, under the justification that it was not within the attributions of the Congress to create such agency.
This legislation also modifies other provisions of GDLP, such as: the vacatio legis (period until the law takes legal effect) is changed from 18 to 24 months, there is a permission for the government to process private data on existing databases, it expands the legal basis for the processing of sensitive data and it also creates the National Council for Data Protection and Privacy.
We emphasize, however, that president elected Bolsonaro, has already announced that it might review the acts practiced by the current administration within the last 60 days and that the Provisional Measure is still subject to confirmation by the Congress. In this sense, Dias Carneiro’s technology team will continue to follow the developments related to the GDPL, reporting any issues related to the matter.