Continuing the LGPD 5-year campaign with a series of interviews with big names in the privacy and data protection market, we invited Henrique Fabretti.
Henrique is a partner at Opice Blum Advogados Associados, a lawyer, professor and speaker in the area of Privacy and Data Protection. He is a member of the publications advisory board of the International Association of Privacy Professionals (IAPP), where he also served as chair of Knowledge.net in the 2019-2020 biennium.
Check out the full interview with Henrique Fabretti:
How do you assess advances in privacy and data protection over the last five years?
We have seen a clear evolution in db to data in Brazil, which includes the growth in maturity of organizations, data protection professionals in companies, awareness among executives, etc. There is still a long way to go, but the progress we have seen so far makes us very optimistic about the future of this topic in our country.
What have been the main impacts of the LGPD over the last five years since its implementation?
To focus on just two points, data governance and ethics and information security. Until then, the first point was almost nonexistent. There optimize visuals for search and conversions almost no organizations that focused on defining roles and responsibilities, risk assessment, internal policies, etc., regarding the use of data (personal or otherwise) internally. Today, it is a topic that is part of discussions, from the operational end, back office, to executives. Information security was another area that seems to have gained additional momentum with the LGPD. Of course, it has always been an extremely important and strategic topic for companies. However, when discussing the obligation of personal data security as a regulatory necessity, as well as the obligation to report incidents (on certain occasions) to the ANPD, it helped to boost investments in the area.
What technological advances or emerging trends do you believe could significantly influence the implementation and ongoing compliance with the LGPD in the coming years?
There is a clear trend towards PETs (Privacy Enhancing Technologies) as the main element for extracting more value from personal data, without b2c fax compliance with data protection regulations. The topic is still new worldwide and, in Brazil, it is incipient, but it is certainly a medium and long-term trend.
From your perspective, what are the future expectations for the LGPD, considering possible changes, regulatory improvements and developments in the field of digital privacy?
I do not foresee any significant changes to the text of the law in the near future. However, we have a series of issues that will be brought to light by the ANPD regulatory process, such as the role of the person in charge and governance programs and good sector practices (art. 50, of the LGPD) and enforcement actions , to name just a few examples, which should bring significant impacts to companies’ privacy programs and require rapid adaptation by the market.