Brazilian General Data Protection Law may require 50,000 DPOs

Published: October 2020Click To View (PNG)

Brazil’s General Data Protection Law is now in effect. Much like the EU General Data Protection Regulation, the LGPD has extraterritorial applicability, meaning any organization processing personal data in Brazil must comply with the law irrespective of the company’s location. One of the LGPD’s requirements for such companies under Article 41 is that they must appoint a data protection officer to be “in charge of processing personal data.” Given the prevalence of data processing in today’s digital economy, we estimate approximately 50,000 DPOs are needed in the immediate term to comply with the LGPD.