Under half of Brazilian organisations believe they would not be fully compliant with Brazil’s General Data Protection Law (LGPD) by August 1, 2021. 

A survey conducted by Brazilian business school Fundação Dom Cabral (FDC) revealed that of the 207 companies polled, board members of 86% companies claimed to be aware of the LGPD and its impact, however only 46% consider themselves as the main responsible party when it comes to the implementation of data protection measures. 

“[Board members] must always be aware of their responsibility to establish policies and ensure that the organizations they manage comply with the new laws that impact them, as is the case with the LGPD. This is a task that cannot be delegated”, said FDC professor Dalton Sardenberg, one of the academics leading the study.

Despite a significant proportion of companies stating they were unprepared for the penalties brought by the LGPD, 82% of companies surveyed said that compliance is one of their main priorities for 2021. 

Two-thirds of the companies polled have a Data Protection Officer (DPO) - of which 14% are solely dedicated to that function, whilst 52% of the DPOs also carry out other duties including the role of chief information officer. 

Other findings include:

  • 48% of companies surveyed have a budget allocated to the sector responsible for adapting to the regulations.
  • 57% of organisations plan to hire or rely on a specialised external consultancy to handle the data protection law requirements.
  • The number of companies with DPOs in place is higher in companies with executive boards (69%) than in organisations with advisory boards solely (51%). 
  • Only 13% of companies polled have suffered a cyber attack. 

FDC professor Fernando Santiago, who also led the study, said: ”Brazilian companies shown that they have a degree of understanding about the growing importance of personal data in recent decades and that [handling it properly] is important and generates effective value for companies.”


PrivSec Global is back for another 2 information-packed days, featuring a series of brand new topics and themes. Register now and hear industry experts discuss Global Data Protection and Privacy Law Developments.