Brazil’s General Data Protection law finally became effective on September 18, 2020, after several changes regarding enforcement since its publication on August 14, 2018. In this guest article, Rio de Janeiro-based Demarest attorneys Tatiana Campello and Vanessa Ferro discuss what the law covers, the path to enforcement, recent litigation already filed under the law and compliance steps that companies should take now. See also our two-part series: “GDPR Provides Model for Privacy and Security Laws”: Latin America (Jan. 9, 2019), and Asia (Jan. 16, 2019).