Support Centre
Brazil General Data Protection Law
Back

Brazil General Data Protection Law

Comply with Brazil's General Data Protection Law ('LGPD')

The LGPD entered into force on 18 September 2020, although its enforcement provisions will not come into effect until 1 August 2021. The LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and creates novel requirements on the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer appointments, Data Protection Impact Assessments, data transfers, and data breaches. It will be enforced by the Brazilian data protection authority ('ANPD') which, when established, is expected to provide important guidance and clarity on the provisions of the LGPD.

The LGPD has many similarities to the EU's GDPR, granting certain data privacy rights to data subjects in Brazil and requiring organisations that process personal data to meet specific data protection obligations.

OneTrust's LGPD solutions are backed by AI, robotic automation and regulatory research, ensuring quick time to value, efficiency and unparalleled guidance as you build, adapt, and mature your LGPD program.

Find out more about OneTrust's full suite of solutions here.


Operationalising the LGPD

OneTrust DataGuidance, in collaboration with its network of Brazilian privacy experts, are producing a series of articles examining the core operational aspects for organisations to consider.

Read Part One - DSARs & breach notification requirements
Read Part Two - Data mapping & assessments
Read Part Three - Consent and other lawful bases
Read Part Four - Vendor risk management
Read Privacy policies under the LGPD
Read LGPD v. GDPR
Read LGPD v. CCPA


LGPD v. GDPR Benchmark

OneTrust DataGuidance and Baptista Luz Advogados have produced a free LGPD v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the LGPD comparative to the GDPR. You can also leverage this information through our LGPD v. GDPR Comparison in the tab above.


Brazil Privacy Landscape Overview

Watch our Brazil Overview video to understand the state of privacy in Brazil in today.

LGPD v GDPR

GDPR Benchmark

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Scope Benchmark

    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Rights Benchmark

    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina
    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Inconsistent

  • Australia
    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Enforcement Benchmark

    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia
    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free
Cyber Risks and Threats
Cybersecurity
Information Security Officer
Breach Notification - To Affected Individuals
Breach Notification - To Authorities
Breach Notification - To Data Controllers
Incident Response
Data Protection Officer Appointment
Data Protection Officer Tasks
Legal Reform
Personal Data
Facilitation of Data Subject Rights
Direct Marketing
Email Marketing
Employee Monitoring
Privacy Impact Assessments
Health and Pharmaceutical
Direct Marketing
Postal Marketing
Direct Marketing
SMS | MMS Marketing
Direct Marketing
Telemarketing
Schrems II
Cross-Border Data Transfer
Third Countries
Vendor Contracts
Vendor Management
Whistleblowing