In 2018, it had been outlined that Brazil would be implementing its new General Data Protection Law (LGPD), in an attempt to unify more than 40 different laws that currently exist throughout Brazilian legislation, in a bid to achieve improved governance of personal data in Brazil.
Whilst this was initially proposed to become enforceable in August 2020, due to macro factors such as the COVID-19 pandemic, the decision has been made to postpone the effective date until August 2021. Thus, prolonging the implementation period, so to provide stakeholders with sufficient time needed to best prepare and apply the necessary changes for the upcoming legislation.
LGPD is similar in nature to that of the EU General Data Protection Regulation (GDPR), which came into effect and imposed into European law in May 2018, with the Brazilian counterpart being pertinent to both businesses and/or personnel who process the personal information of those living in Brazil, irrespective of where that business or person is situated geographically. However, this does not include activities which originate outside of Brazil, nor activities which share data with Brazilian processing agents or the exchange of information with a company from an alternative country which possess an acceptable level of data governance law, similar to that of LGPD.
Moreover, when comparing LGPD to GDPR, the are numerous similarities which can be seen between the two, in addition to some subtle differences which do indeed set them apart from each other. In summary, as previously stated, for activities performed in Brazil, LGPD will apply to any person or legal entity, regardless of objective or the geographic situation. However, it has also been stated that this data law will not be pertinent for individuals performing data collection activities in Brazil for private or non-economic purposes; journalistic, artistic or academic purposes; or for purposes involving public safety or national security.
More information on how the LGPD compares to GDPR can be seen in an article written by GDPR.EU, who have addressed some of the key considerations when comparing the two pieces of data protection law, with focus on key topic areas such as: personal data; subject rights; data protection officers; legal basis for processing data; the reporting of data breaches and the fines which are accompanied to such data breaches.
This upcoming change in data protection law is a significant advancement that will not only have a significant impact on the drug safety industry, but also an undoubted impact on a substantial amount of businesses and industries worldwide. Any organisation dealing with the personal data for residents of Brazil will now be required to adhere to this regulation and therefore appoint a data protection officer to oversee compliance with this new regulation. Meaning that clinical trials and post-marketing activities performed in Brazil will be one of the many areas which will need to heavily assess existing processes to ensure future compliance moving forward.
PharSafer will continue to monitor this topic and communicate any further information as it is made available.
To stay up-to-date with all PharSafer industry information, follow us on our designated LinkedIn!