Welcome to Compliance & Corporate Ethics In Practice!

Have you ever heard about “Corruption by Design”? In this edition, we share the podcast of NBW that explains the concept, as well as highlight in the To Know More the dissertation by the Brazilian Maria da Graça Ferraz de Almeida Prado, a specialist in the subject by the London School of Economics and Political Science.

We hope you enjoy it!

* * *

US Education Department investigates college bribery scheme Universities of Southern California, Yale, Georgetown, Stanford, as well as other five American universities are under investigation following a recent scandal involving the payment of bribe by parents of students to cheat the process of admission in the institutions. (Independent, 04.02.2019)

* * *

The EU’s New Action Plan to Fight Money Laundering In response to the investigations of Panama Papers and Paradise Papers, as well as the scandals involving the major European banks, the European Parliament approved a detailed road map having as the principal purpose the verification of the laws and regulations, both in reference to the fight against the money laundering and financial crimes. (OCCRP, 03.27.2019)

* * *

Brazilian Senate approves compliance program for political parties With the aim of increasing transparency and avoiding corruption acts, the Bill 429/2017 follow to analysis by the Chamber of Deputies. The project expects a set of internal mechanisms of control, auditing, report of irregularities, as well as periodic training by the parties to its affiliates, employees and leaders. (Senado, 03.27.2019)

* * *

ABAP presents the Checklist to compliance for advertising agencies Addressed to the Brazilian adversting agencies, the document “Diretrizes de Compliance: Guia de boas práticas para o mercado publicitário ” provides a step-by-step for implementation of the compliance program. To download the guide click here. (The Weather, 03.25.2019)

* * *

To Know More
The term “Corruption by Design” emerged to explain that there is not only one way to practice unlawful acts. On the contrary, to understand corruption it is also necessary to understand its motivations and the perspective to which it is connected and structured, so as to guarantee its prevention in an effective and lasting way. In this sense, we share the dissertation “Corruption by design” and the management of infrastructure in Brazil: Reflections on the Programa de Aceleração ao Crescimento – PAC” by the Brazilian Maria da Graça Ferraz de Almeida Prado, a specialist inpublic policies by the London School of Economics and Political Science.

* * *

To send your suggestions/opinions to our newsletter, click here.
To receive our newsletter, please, click here.

And don’t forget: stay in compliance!
See you in our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“In the month of International Women’s Day, we highlight the article “8 female anti-corruption fighters who inspire us” which exposes the exceptional work of eight women who act as protagonists in fighting corruption around the world.”

(Transparency International, in 03.08.2019)

* * *

Facebook releases a tool for the deletion of personal data In addition to allowing the deletion of personal data, the “clear history” allows users to check applications and websites that access information in the platform. (Migalhas, 02.28.2019)

* * *

Forbes Magazine Publishes Article on Workplace Integrity The article reinforces the importance of entrepreneurs preserving integrity for ensuring and future of business. Recommended practices include maintaining personal values, transparency, and commitment to the corporate’s mission and ideals beyond the workplace. (Forbes Magazine, 02.26.2019)

* * *

German company reaches an agreement with US authorities After an anonymous complaint, the German company Fresenius Medical Care, a manufacturer of equipment for dialysis, reaches an agreement with American authorities on investigations involving transnational bribes, violation of the Foreign Corrupt Practice Act (FCPA) and other American anti-bribery laws. (Wall Street Journal, 02.25.2019)

* * *

CARF announces the creation of Code of Ethics The Administrative Council of Tax Appeals (CARF) will implement a code of ethics in order to guide actions of the collegiate. The code will be dedicated to aspects that are not detailed in the internal regulation or the Code of Ethics of the Public Servant. (Conjur, 02.22.2019)

* * *

Disney and Nestlé withdraw ads from YouTube In comments, users denounce the release of videos containing content referring to the “soft-core pedophilia ring”. YouTube’s spokesperson said the platform has clear policies banning any content that exposes children to danger or encourages illegal activity. (Época Negócios, 02.20.2019)

* * *

Silicon Valley Activists Launch Campaign to End “Unethical Technology” Fight for the Future, a non-profit digital defense group has launched an initiative to support technology workers who want to report harmful products and practices in companies. The move comes at a time when Silicon Valley’s most powerful firms are facing increasing internal and external reaction to possible damage to ethically dubious technologies and government partnerships. (The Guardian, 02.19.2019)

* * *

Walmart faces lawsuits over gender discrimination in the US Employees and former employees have filed lawsuits against the retailer on allegations of unequal payments. According to information from the employees’ lawyer “there was a culture in Walmart that existed long before 1999 and continued, and still continues, and the circumstance that women were selected for various positions without opportunity for growth, and no opportunity for promotion” (The Guardian, 02.18.2019)

* * *

To Know More
Nowadays, corruption is a topic that demands not only the fight against criminal networks and money laundering but also the collaboration among states for the recovery of assets. In this sense, we share the article “Challenges and advances in the prevention and fight against corruption”, published by Conjur and authored by prosecutor Regina Tamami Hirose, which highlights the importance of educational actions directed, especially, to children and teenagers, in order to guarantee effective and gradual transformation in social behavior.

* * *

We hope you enjoy it!

Please, to send your suggestions/opinions to our newsletter, click here.
To receive our newsletter, please, click here.

And don’t forget: stay in compliance!
See you in our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“Whether it is reinforcing a company’s culture and values, maintaining an environment that enables success for everyone regardless of gender or background, or building a reputation in the marketplace, I think the tide is changing to embrace solid approaches to governance.”

(Michael Callahan, Professor at Stanford University)

* * *

UK lawmakers claim for regulation of digital platforms Report released by committee states that Facebook is a “digital gangster” and has intentionally violated the data privacy and competition law. According to the chairman of the committee, “the rights of the citizen need to be established in statute, by requiring the tech companies to adhere to a code of conduct written into law by Parliament, and overseen by an independent regulator”. (Reuters, 02.17.2019)

* * *

Agreement creates anti-corruption partnership in the Brazilian Ministry of Education After disclosing fraud in educational programs such as PROUNI and PRONATEC, the Brazilian Ministry of Education, together with the Brazilian Ministry of Justice, the Federal Comptroller General (CGU) and the Federal Attorney General (AGU), signed an agreement to ensure greater effectiveness in investigating corruption in the institution (Brazilian Ministry of Justice and Public Security, 02.14.2019)

* * *

American companies face added pressure for women in positions of leadership The number of public traded companies with all-male boards has decreased in recent years, with investors demanding more diversity in companies’ board, including small and medium-sized companies. (Wall Street Journal, 02.13.2019)

* * *

To Know More
The increased surveillance and technological advances have brought significant changes to the corporate world. In this regard, we share the article “Business Ethics And Integrity: It Starts With The Tone At The Top“, by Betsy Atkins, published on Forbes Magazine, that indicates the best strategies to be adopted by top leaders to ensure the construction of corporate culture integrity, transparency, and collaboration, as well as the improvement of the working environment as a whole.

* * *

We hope you enjoy it!

Please, to send your suggestions/opinions to our newsletter, click here.
To receive our newsletter, please, click here.

And don’t forget: stay in compliance!
See you in our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“Countries capable of confronting corruption use their human and financial resources more efficiently, attract more investment, and grow more rapidly.”

(The World Bank)

* * *

Former President Lula is convicted for corruption and money laundering – The federal judge Gabriela Hardt, in charge for the trial of cases concerning the Operation Car Wash, condemned the Brazilian former President for more 12 years and 11 months in the criminal procedure involving the lake house of Atibaia. According to the sentence, the construction was paid by the contractors OAS, Odebrecht, and Schahin. Lula had already been convicted in the case of the triplex apartment in Guarujá. (Reuters, 06.02.2019)

* * *

Minister Sergio Moro presents Anticrime Package – According to the Minister, the proposal updates the current legislation to the present reality, and try to give more agility to the execution of penalties and reduce the sense of impunity. The package, which aims to make more effective the fight against corruption, violent crime and organized crime, depends on the approval of the Brazilian Congress. (Reuters, 04.02.2019)

* * *

LSH Barra investors are arrested for corruption – The Federal Police arrested 13 executives by the diversion of public resources for investments in the LSH Barra Hotel. The executives are being charger for corruption, money laundering and crimes against the financial system. (The New York Times, 31.01.2019)

* * *

Brazil reaches your worst score in the corruption perception index (CPI) – Brazil fell 9 positions in the CPI this year compared to the previous year, ranking 105th among 180 countries evaluated. The score has gone from 37 to 35. This is the worst result since 2012, when the data became comparable year by year, and represents the 3rd annual decline followed. To the Transparency International-Brazil, although there have been advances in the fight against corruption, it is essential to carry out a “medium and long-term reforms that demonstrate a serious commitment to the elimination of the structural causes of this social problem.” (Estadão, 01.29.2019)

* * *

Netflix creates new executive position focused on inclusion and diversity – The new executive will have the mission to help create and implement strategies to the cultural diversity, inclusion, and equity into all aspects of Netflix’s worldwide. Her appointment comes two months after the dismissal of the director’s resignations of communications dismissal for racial offenses in the workplace. (Los Angeles Times, 29.01.2019)

* * *

To Know More
On January 28, the 11th International Data Protection Day was celebrated, a date created by the European Council in 2007 to raise awareness of the importance of data protection and security. For this reason, we share the article published by Forbes Magazine whereby 11 experts reflect on the importance of the date, as well as on the main demands of cybersecurity. (Forbes, 27.01.2019)

* * *

We hope you enjoy it!

Please, to send your suggestions/opinions to our newsletter, click here.
To receive our newsletter, please, click here.

And don’t forget: stay in compliance!
See you in our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“My message is, please do not adapt to corruption. The private sector, citizens, we need to put an end to indifference to corruption.”

(Transparency International chief Delia Ferreira Rubio says in Davos)

* * *

Data breach exposes more than 773 million e-mails – Published by the Australian researcher Troy Hunt, owner of the website Have I Been Pwned?, the data breach Collection #1 indicates that about 773 million e-mails and more than 20 million passwords have been compromised. According to Hunt, “as the data breached is easily accessible, they can be used for malicious purposes without difficult”. Find out if your e-mail has been affect by clicking here. (G1, 17.01.2019)

* * *

Approved Provisional Measure creating the National Data Protection Authority in Brazil (ANPD) – The provisional measure no. 869/2019 amends provisions of Brazilian General Data Protection Law (LGPD), as well as creates the National Data Protection Authority, an agency linked to the Presidency of the Republic, responsible for protecting, implementing and monitoring the compliance with LGPD. Among the changes, stands out the extension of the deadline for entry into force of the obligations contained in LGPD for August 2020. (Câmara dos Deputados, 03.01.2019)

* * *

Federal Decree changes the regimental structure of the CGU – Decree 9,681/2019 aims to strengthen the Brazilian Federal General Controller (CGU), as well as create a specialized secretary for the combat of the corruption and in the performance of the leniency agreements. (Conjur, 01.04.2019)

* * *

Eletrobrás joins to the leniency agreement between Odebrecht and CGU – As a result, Eletrobrás and its affiliates will receive a compensation of R$162 million of Brazilian Real for their participation in hydropower plants of Santo Antônio and Belo Monte. “The adhesion to the agreement is an opportunity to return to Eletrobrás part of the resources to which the company is entitled, due to the losses caused by Odebrecht, resulting from the corruption scheme unveiled by Operation Lava Jato,” the statement said. (Valor Econômico, 01.02.2019)

* * *

To Know More
According to the World Bank, around one-third of firms pays bribery to government officials for preferential treatment, number that reaches an estimated amount of U$400 billion a year. Based from this assumption and taking into account that the corporate corruption it’s a practice that results in damage to the business, the question that arises is: Why do briberies continue? How can companies cease this habit? Those and other questions are brought to attention by the American writer David Montero through the article “How Managers Should Respond When Bribes Are Business as Usual”, published on Harvard Business Review, which identifies preventive measures to be adopted by the companies.

* * *

We hope you enjoy it!

Please, to send your suggestions/opinions to our newsletter, click here.
To receive our newsletter, please, click here.

And don’t forget: stay in compliance!
See you in our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“The scientific and technological revolution needs a moral revolution. This is the big challenge of our time. For this century be better, we need to do better “

(Brad Smith, Presidente da Microsoft)

* * *

Technology experts share measures for data protection on digital platforms – Forbes magazine has published a report which advises Facebook platform to use preventive measures to avoid new data breaches by hackers. More transparent policies are on the list of items needed for cybersecurity. (Forbes, 11.13.2018)

* * *

Brazil’s Former Attorney General highlights compliance as a fundamental item on the fight against corruption – At an event that brought together key leaders of legal departments of Brazil, Rodrigo Janot warned about the liabilities of officers and managers on compliance matters. According to him, all the companies must have a compliance program. (Migalhas, 11.09.2018)

* * *

Authority responsible for data protection in France publishes guidance on blockchain – In order to answer questions about the compatibility of the new technology and the General Data Protection Regulation (GDPR), the National Commission on Information Technology and Freedom (CNIL) has published first-of-its-kind guidance for the blockchain technology. (IAPP, 11.07.2018)

* * *

Increase whistleblowing of moral harassment in the Brazilians companies – A risk management company conducted a survey which identified the harassment as being the main complaint received in the whistleblowing channels. Numbers indicate that just over the year of 2017, 8 out of ten 10 companies had at least 1 case of harassment reported. (Canal Executivo, 11.06.2018)

* * *

Brazilian Federal Supreme Court Minister defines corruption as systemic in Brazil – In a lecture called “Corruption, Governance and Human Rights: The case of Brazil” held at the Kennedy School, Minister Luís Roberto Barroso stated that Brazil needs structural reforms to overcome corruption. (Migalhas, 11.07.2018)

* * *

Governor-elect of Rio de Janeiro announces anti-corruption promises – “Let’s create an anti-corruption hotline and a program for integrity test of the public servant. We have a sector for outward signs of wealth. The public servant will be watched: have to explain if you are with car, house or incompatible heritage “, said Wilson Witzel, which promises yet, implement a compliance program that will be valid even for own State Chief Executive.” (Conjur, 11.04.2018)

* * *

To Learn More
Brazilian Federal Constitution grants powers to the Federal Audit Court to inspect the financial, budgetary, accounting, operational and patrimonial of public entities, in a practical, ethical and responsible manner. However, scandals involving counselors linked to the Audit Courts are not unusual. In this sense, we recommend reading the article “The role of external control in the fight against corruption” by Julio Marcelo de Oliveira, Public Prosecutor of the Federal Audit Court. The article exposes the sensitive role of the Federal Audit Court and how to improve its performance.

* * *

We hope you enjoy it!

And don’t forget: stay in compliance.

Please, send your opinion, suggestions and tips that may help with the newsletter, click here.
If you would like to register to receive our newsletters by e-mail, click here.
See you on our next edition!

Compliance Desk

Welcome to Compliance & Corporate Ethics In Practice!

“In any event, there must be minimum internal controls, which ensure the permanent compliance with the regulations in force. Of course, the size of the institution cannot serve as an excuse for non-compliance with the rules laid down by the regulatory body for all market participants, regardless of the size of each.”

(Pablo Renteria, Director of the Brazilian Securities and Exchange Commission)

* * *

Judge Moro to Become Justice Minister – Sergio Moro has accepted the invitation made by the President-elected Jair Bolsonaro to become the new Justice Minister. The Brazilian federal judge has been the driving force behind an anti-corruption probe known as Operation Car Wash. “The perspective of implementing a strong anti-corruption and organized anti-corruption agenda, with respect to the Constitution, the law and the rights, led me to make this decision”, he said in an official note. (The New York Times, 11.01.2018)

* * *

Facebook fined by UK watchdog for Cambridge Analytica scandal – Facebook has been fined £500,000 by the Information Commissioner’s Office as a result of the Cambridge Analytica scandal, after allowing access to user information without sufficient consent. The fine, low when compared to company global revenue in 2017 ($40.7bn), was the maximum available to the regulator under old data protection legislation. The Information Commissioner found that the personal information of at least 1 million UK users was among harvested data and was consequently put at risk of further misuse. The Information Commissioner’s Office also insisted that the company could have faced a substantially higher fine of up to £1.2bn under the new regulatory system. (BBC, 10.25.2018)

* * *

Former FIFA Council member banned from sports because of corruption – Kwesi Nyantakyi, a former FIFA Council member and chairman of the Ghana Football Federation, was banned from football for life after being filmed receiving bribes. Ethics Committee considered him guilty of bribery, corruption and conflict of interest. Nyantakyi was also fined 500,000 Swiss francs (about R $ 1,840 million). (Washington Post, 10.25.2018)

* * *

To Know More
The concern with the prevention and combat of bribery and corruption practices is already a reality for many Brazilian companies. Internal procedures, mandatory certifications and good practices in operations have guaranteed the private sector relevant results in reducing illicit activities. In this context, strengthening these practices through the use of international standards can be a powerful tool to assist companies, ensuring the strengthening of good practices, providing clearer and more consistent communication to the board and top management, the chain supplies and employees. In this regard, we recommend reading the article “How to fight corruption within your company” by Ravi Venkatesan and Leslie Benton, published by Harvard Business Review. The article provides information about the ISO37001, issued by the International Organization for Standardization (ISO) in 2016, to help companies implement an anti-bribery management system and strengthen the controls they already have.

* * *

We hope you enjoy it!

If you want to send critiques, suggestions of topics and tips that may contribute to our newsletter, click here.
If you would like to register to receive our newsletters by e-mail, click here.

See you on our next edition!
And do not forget: stay in compliance!

Compliance Desk

On August 14, President Michel Temer sanctioned the law that regulates the protection of personal data in Brazil (General Law of Data Protection – LGPD).

As expected, the creation of the National Data Protection Agency, as foreseen in the text approved by the Senate, was not approved by the President due to a lack of competence. As a result, new legislation to be enacted in the coming months will provide for the competent authority to supervise and impose penalties on those subject to the new regulation.

The LGPD is inspired by the European GDPR, which came into force last May. The LGPD will enter into force in February 2020, after a transition period (vacatio legis) of 18 months

Among the new rules sanctioned by the Brazilian President, we highlight:

Principles.  The LGPD establishes principles that should be observed in the activities of processing personal data, including good faith, purpose, necessity, free access, security, and accountability, as proof of the adoption of effective measures capable of compliance with the rules for the protection of personal data.

Treatment of Personal Data.  The processing of personal data may only be carried out in the cases provided for in the LGPD. Among the hypotheses foreseen are the express consent of the holder and the legitimate interest of the controller. In the case of consent, this must be provided in writing or by other means that demonstrates the manifestation of the will, and the controller bears the burden of proving that it was obtained in accordance with the law, and may be revoked at any time. In turn, legitimate interest would theoretically allow the use of data for purposes other than those initially authorized by its owners or those that led to its creation.

Personal Data, Sensitive Personal Data, and Public Data.  “Personal data” means any information related to the natural person identified or identifiable (holder) – name, CPF, e-mail address, etc. The LGPD still defines “sensitive personal data” as any information on racial or ethnic origin, religious belief, political opinion, trade union membership or organization of a religious, philosophical or political nature, as well as data relating to health or sex life, genetic data or biometric when linked to a natural person. The requirement of consent provided for in the LGPD may be waived for personal data made manifestly public by the holder.

Rights of the Holders. The holders of personal data have had their rights expanded, especially direct access to data, rectification, cancellation/exclusion, opposition to treatment, information and explanation on the use and portability of personal data.

Responsibility of the Agents. Agents responsible for the collection/processing of personal data (controllers and operators) may be held jointly and severally liable in case of violation of the LGPD. However, the liability of the operator may be limited to its contractual and information security obligations, provided that it does not violate its obligations under the LGPD.

Data Protection Officer. The controllers must define who will be in charge of data protection in the company. This professional, usually called the  Data Protection Officer, will be the focal point between the controllers, the Authority, and the data holders.

Data Protection Impact Report. Authority may determine to the controller to prepare an impact report on the protection of personal data (RIPD) regarding its data processing operations. The elaboration of the RIPD may be mandatory in situations already characterized as risky or, at the request of the Authority, when the data processing is based on legitimate interest. The RIPD should contain at least a description of the types of data collected, the methodology used for its collection, and details of information security.

International Transfer of Personal Data. The international transfer of personal data is permitted only in specific cases, among them, (1) when the controller offers and demonstrates guarantees of compliance with the principles, rights of the holder and the data protection rules set forth in the LGPD, in the form of (a) specific contractual clauses for a particular transfer; b) contractual standard clauses; c) global corporate standards; (d) regularly issued stamps, certificates and codes of conduct subject to the approval of the Authority, or (2) where the holder provides specific consent for the international transfer.

Incident Reporting. The controller shall notify the Authority and the holder of the occurrence of a security incident that could cause significant risk or damage to the owners within a reasonable time.

Penalties. The LGPD establishes penalties in case of noncompliance, including warnings, suspension, and prohibition of data processing regarding the infraction, or application of a fine equivalent to up to 2% of gross sales in Brazil, limited to R $ 50 million.

The teams of the Fraga, Bekierman & Cristiano Advogados office in Rio de Janeiro and São Paulo are available to clarify any doubts and assist in the implementation of the essential changes required to comply with the briefly expected new legislation on the protection of personal data.

On July 11, the Federal Senate approved Bill 53/2018, which regulates the protection of personal data in Brazil (LGPD).
With broad implications, the LGPD draws on the recently implemented General Regulation on Data Protection of the European Union (GDPR), establishing obligations for any persons or companies that collect / treat personal data or offer goods or services in Brazil, even though the collection/treatment takes place abroad and regardless of the nationality of those involved, with rare exceptions.

We highlight that the LGPD is still pending a sanction by the President of the Republic and there is a significant risk that relevant parts will be vetoed, in particular, the one which creates the National Data Protection Authority. We will follow the development of this issue with specific attention.

Among the new rules approved by the National Congress, we highlight:

Principles.  The LGPD establishes principles that should be observed in the activities of processing personal data, including good faith, purpose, necessity, free access, security, and accountability, as proof of the adoption of effective measures capable of compliance with the rules for the protection of personal data.

Treatment of Personal Data.  The processing of personal data may only be carried out in the cases provided for in the LGPD. Among the hypotheses foreseen are the express consent of the holder and the legitimate interest of the controller. In the case of consent, this must be provided in writing or by other means that demonstrates the manifestation of the will, and the controller bears the burden of proving that it was obtained under the law, and may be revoked at any time. In turn, legitimate interest would theoretically allow the use of data for purposes other than those initially authorized by their owners or those that led to their creation,

Personal Data, Sensitive Personal Data, and Public Data.  “Personal data” means any information related to the natural person identified or identifiable (holder) – name, CPF, e-mail address, etc. The LGPD still defines “sensitive personal data” as any information on racial or ethnic origin, religious belief, political opinion, trade union membership or organization of a religious, philosophical or political nature, as well as data relating to health or sex life, genetic data or biometric when linked to a natural person. The requirement of consent provided for in the LGPD may be waived for personal data made manifestly public by the holder.

Authority.  The LGPD provides for the creation of a public authority responsible for compliance with the GDDS. The National Data Protection Authority (Authority) shall be bound to the Ministry of Justice and shall supervise, apply penalties and issue regulations regarding the protection of personal data.

Rights of the Holders. holders of personal data have had their rights expanded, especially direct access to data, rectification, cancellation/exclusion, opposition to treatment, information and explanation on the use and portability of personal data.

Responsibilities of Agents.  Agents responsible for the collection/processing of personal data (controllers and operators) may be held jointly and severally liable in case of violation of the LGPD. However, the liability of the operator may be limited to its contractual and information security obligations, provided that it does not violate its obligations under the LGPD.

Data Protection Officer.  The controllers must define who will be in charge of data protection in the company. This professional, usually called the Data Protection Officer, will be the focal point among the controllers, the Authority, and the data holders.

Data Protection Impact Report. The Authority may determine to the controller that it elaborates a personal data protection impact report (PDPIR), regarding its operations of data treatment. The elaboration of the PDPIR may be mandatory in situations already characterized as risky or, at the request of the Authority, when the data processing is based on legitimate interest. The PDPIR should contain at least a description of the types of data collected, the methodology used for its collection, and details of information security.

International Transfer of Personal Data.  The international transfer of personal data is permitted only in specific cases, among them, (1) when the controller offers and demonstrates guarantees of compliance with the principles, rights of the holder and the data protection rules set forth in the LGPD, in the form of (a) specific contractual clauses for a particular transfer; b) contractual standard clauses; c) global corporate standards; (d) regularly issued stamps, certificates and codes of conduct subject to the approval of the Authority, or (2) where the holder provides specific consent for the international transfer.

Incident Reporting.  The controller shall notify the Authority and the holder of the occurrence of a security incident that could cause significant risk or damage to the owners within a reasonable time.

Penalties. The LGPD establishes penalties in case of noncompliance, including warnings, suspension, and prohibition of data processing regarding the infraction, or application of a fine equivalent to up to 2% of gross sales in Brazil, limited to R $ 50 million.

Deadline. The LGPD will enter into force in 18 months, counting from the date of the presidential sanction.

The teams of the Fraga, Bekierman & Cristiano Advogados office in Rio de Janeiro and São Paulo are available to clarify any doubts and assist in the implementation of the essential changes required to comply with the briefly expected new legislation on the protection of personal data.

 

 

As has already been done by national and foreign entities that registered with the CNPJ (taxpayer ID for legal entities) as of 07/17/2017, those registered after that date must inform their final beneficiaries to the Federal Revenue Department by the deadline of 12/31/2018. The obligation will be anticipated if there is a database change before 12/31/2018.

The requirement outlined in art. 8 of the IN RFB 1,634/2016 was finally regulated by the Executive Declaratory Act COCAD No. 9, published on 10/25/2017.

Final beneficiary consists of the individual who ultimately, directly or indirectly, possesses, controls or significantly influences the entity, or the natural person in whose name a transaction is conducted. A significant influence is assumed when the individual owns more than 25% of the capital of the entity, directly or indirectly, or holds or exercises the preponderance, directly or indirectly, in the social deliberations and the power to elect the majority of the administrators of the entity, even without controlling it.

International organizations, public companies, and binational companies will not need to inform their final beneficiaries.

We remain available to provide any assistance that may be necessary to carry out the procedures described above.