Flávia De Oliveira Rapozo, MSc

PhD Candidate in Administration and Accounting, Department of Accounting and Finance, FUCAPE Business School

Executive Summary

In this short chapter, we discuss the challenges that small and medium-sized enterprises (SMEs) have encountered to adapt to data protection laws in Europe and Brazil (GDPR and LGPD, respectively). This chapter refers to the findings of Rapozo and Brugni (2021) in Brazil and to the findings of Hartman (2019) in the Netherlands. Our goal was to highlight those uncertainties regarding the applicability of the law and how the delay in defining differentiated treatment for Brazilian and European SMEs increased the cost of compliance and brought additional impacts to daily business life, which had to be adapted in the middle of a pandemic period. Finally, we recommend that the National Data Protection Agency of Brazil (ANPD), and countries in similar stage, provide assertive guidance according to the law, so that such organizations can be clear about the real effort to be made to comply with the requirements.

1. Slow Steps

The increase in electronic transactions, and the risks of data leakage, caused the European Union to approve the General Data Protection Regulation (GDPR) in 2016, which came ...