New developments on data protection: Executive Order #869/2018 sanctioned with vetoes

July 11, 2019

New developments on data protection: Executive Order #869/2018 sanctioned with vetoes

The sanction modifies the wording of the Brazilian General Data Protection Act

On July 8, Brazilian President Jair Bolsonaro sanctioned Executive Order #869/2018, which establishes changes on Brazilian General Data Protection Act and, primarily, provides for the creation of the National Protection Data Authority (NPDA). The President, however, vetoed some relevant aspects of the text passed by Congress.

Regarding the sanctions for data mismanagement, the President vetoed the penalties of full or partial suspension of the database operation and full or partial prohibition of the data treatment.

The vetoes also suppressed the obligation that the revision of automated decisions be made by a natural person. Furthermore, according to the new provisions, the Data Protection Officers are not legally required to hold legal-regulatory data privacy background anymore.

In the next months, the President shall define the internal rules and composition of the NPDA. After fully implemented, it will be important to keep track of the Authority’s first steps regarding the enforcement of the law. Meanwhile, the clock is ticking and companies have until August 2020 to be compliant with the Law.

Our team has been assisting different companies in projects regarding compliance with the Brazilian Data Protection Act. For more information regarding the matter or to receive an English version of the Law, email us at