LGPD: Micro and small businesses struggle to comply with the law | Rattlesnake

The penalties of the LGPD (General Data Protection Law) started to be applied from August 1st of this year. These penalties range from warnings to fines of R$50 million for public agencies and physical or virtual companies that fail to comply with personal data protection rules. The Law was approved in 2018, but it was only in August of this year that sanctions began to be applied. And, despite having the intention to protect the fundamental rights of freedom and privacy, the Law brought several difficulties, mainly for the micro and small businessmen.

“When we talk about the introduction of the Data Protection Law in relation to micro and small companies, we need to understand that there are some difficulties to be faced, with special attention to the human factor, since changing the internal culture of companies is an indispensable aspect for the compliance with the LGPD guidelines. It is still necessary to face the little or even the absence of protection control of the data collected and processed by these companies in the virtual and physical environment”, comments the lawyer André Beck Lima, a specialist in Civil Law.

The main aggravating factor for micro and small companies is the financial part for implementing the mandatory criteria of the Law. “In many cases, it is essential to internally restructure the company, implement new ordinary practices and hire professionals to correctly guide everyone the steps of this adaptation. In order to adapt to the LGPD, micro and small businessmen need to hire professional help, which will not only introduce the implementation of the law’s guidelines, but also provide guidance on the importance and scope of this adjustment in the legal scenario”, he points out.

Law changes

The main change brought by LGPD is the consent of users so that their data can only be used with prior authorization. This consent may be revoked at any time, provided that there is no other legal basis. The Law also says that information holders can request, at any time, the correction of outdated, wrong, or even incomplete data.

“Another important factor brought by the LGPD is compliance, where companies must create and monitor rules, in order to prevent security breaches and also prevent information leakage. Companies that own and collect data are required to implement measures to protect personal data from being targets of unauthorized access, destruction or leakage. In short, the protection measures must cover the areas of security, administrative activities and the technical sector”, explains lawyer André Beck Lima, a specialist in Civil Law.


Failure to comply with the LGPD can have consequences with a great impact on companies: simple warning, carried out by ANPD (National Data Protection Agency), which determines a date for correction of the irregularity; fines of up to 2% of the company’s net sales, limited to R$50 million, with the possibility of a daily fine as well; and disclosure of irregularities in the processing of data by the infringing company. “Therefore, having an expert who can guide compliance with the law is a great differential and helps to reduce the risk of penalties that may be caused by non-compliance with the requirements of the LGPD”, concludes André Beck Lima.

Whatsapp CGN 9.9969-4530 – Direct channel with our newsroom – Send your request and our team will assist you.