In 2021, Resolution 155, issued by the Central Bank, ratified the position that Financial Institutions must adopt practices aimed at implementing the rules contained in the General Data Protection Law (LGPD).
The requirements include the need for contractual authorization from the data subject to process their personal data, as well as authorization for use for any purpose. Furthermore, institutions must maintain a clear policy for deleting such personal data at any time upon request.
The Central Bank Resolution comes into effect in its entirety in October 2022, which demonstrates that Financial Institutions must be prepared to adapt their compliance routines to the provisions of the General Data Protection Law.
