Last Wednesday, Brazil’s Securities and Exchange Commission (Comissão de Valores Mobiliários/CVM) published a page presenting its internal regulations on the protection of personal data, including a privacy policy and the person in charge of processing personal data. The Commission is one of the many public organizations that have been making efforts to improve internal compliance – publishing rules, indicating those responsible and what Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais/LGPD) has established as mandatory for them. It is worth mentioning, for example, that Brazil’s Superior Court of Justice (Superior Tribunal de Justiça/STJ) and most of its other courts have already appointed representatives, just as various federal, state and municipality government agencies have done.
Although these regulations are not aimed at the companies that are subject to their rules, this compilation reveals the CVM’s focus on LGPD compliance, and this may be reflected in more intense requirements from regulated institutions.
BTLAW is at your disposal to assist you in your personal data governance project and any other needs regarding your company's compliance with the laws and regulations that apply to the capital market.