Support Centre
Brazil General Data Protection Law
workspace-icon
Back

Brazil General Data Protection Law

Comply with Brazil's General Data Protection Law ('LGPD')

The LGPD entered into force on 18 September 2020, although its enforcement provisions entered into effect on 1 August 2021. The LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and creates novel requirements on the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer appointments, Data Protection Impact Assessments, data transfers, and data breaches. It will be enforced by the Brazilian data protection authority ('ANPD') which, when established, is expected to provide important guidance and clarity on the provisions of the LGPD.

The LGPD has many similarities to the EU's GDPR, granting certain data privacy rights to data subjects in Brazil and requiring organisations that process personal data to meet specific data protection obligations.

OneTrust's LGPD solutions are backed by AI, robotic automation and regulatory research, ensuring quick time to value, efficiency and unparalleled guidance as you build, adapt, and mature your LGPD program.

Find out more about OneTrust's full suite of solutions here.

Operationalising the LGPD

OneTrust DataGuidance, in collaboration with its network of Brazilian privacy experts, are producing a series of articles examining the core operational aspects for organisations to consider.

Read Part One - DSARs & breach notification requirements
Read Part Two - Data mapping & assessments
Read Part Three - Consent and other lawful bases
Read Part Four - Vendor risk management
Read Privacy policies under the LGPD
Read LGPD v. GDPR
Read LGPD v. CCPA

LGPD v. GDPR Benchmark

OneTrust DataGuidance and Baptista Luz Advogados have produced a free LGPD v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the LGPD comparative to the GDPR. You can also leverage this information through our LGPD v. GDPR Comparison in the tab above.

Brazil Privacy Landscape Overview

Watch our Brazil Overview video to understand the state of privacy in Brazil in today.

See all LGPD News
14 June 2022

Brazil: Provisional measure published amending LGPD with respect to ANPD

Provisional Measure No. 1,124 of 13 June 2022 was published, on 13 June 2022, in the Official Gazette, amending Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and transforming the Brazilian data protection authority ('ANPD') into an autonomous body of special nature.

Legal Reform, Supervisory Authority,
07 June 2022

Brazil: Anatel issues precautionary measure to combat robocall calls

The National Telecommunications Agency ('Anatel') issued, on 3 June 2022, a Precautionary Measure No. 160/2022/COGE/SCO on robocalls, with the aim of reducing the volume of such calls, without affecting usual telemarketing services.

Automated Calls, Telemarketing, Telecommunications and Electronic Communications,
06 June 2022

Brazil: ANPD announces survey for educational activities on privacy

The Brazilian data protection authority ('ANPD') announced, on 2 June 2022, that it is conducting a public survey to identify topics and formats for the implementation of educational activities, with the aim of promoting a culture of education on privacy.

Awareness and Training,
27 May 2022

Brazil: ANPD issues analysis of adequacy of WhatsApp's privacy policy with LGPD 

The Brazilian data protection authority ('ANPD') issued, on 25 May 2022, the third Technical Note No. 49/2022/CGF/ANPD on the analysis of the adequacy of Whatsapp LLC's privacy policy with Law No. 13.709 of 14 August, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').  

Accountability, Privacy Notices, Privacy by Design,
27 May 2022

Brazil: ANPD issues recommendations to government portal on cookie collection practices

The Brazilian data protection authority ('ANPD') released, on 26 May 2022, recommendations to the government on its web portal and adequacy with cookie collection practices in line with Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').

Consent, Public Sector, Cookies,
24 May 2022

Brazil: Federal Government publishes Decree that regulates the National Policy on Climate Change

The Federal Government published, on 19 May 2022, Decree No. 11.075 of 19 May 2022 which establishes the procedures for the preparation of Sectoral Plans for Mitigation of Climate Change and institutes the National System for the Reduction of Greenhouse Gas Emissions.

Environmental, Social, and Governance,
19 May 2022

Brazil: ANPD calls for comments on regulation of international data transfers

The Brazilian data protection authority ('ANPD') announced, on 18 May 2022, that as of  the same date, it is accepting comments and submissions for the preparation of regulations on international data transfers.

Legal Reform, Cross-Border Data Transfer, Mechanisms - Adequate Protection, Mechanisms - Binding Corporate Rules, Mechanisms - International Agreements, Mechanisms - Standard Contractual Clauses,
13 May 2022

Brazil: IAB publishes guide on efficient data management 

The Interactive Advertising Bureau of Brazil ('IAB Brazil') published, on 29 April 2022, its Guide on Efficient Data Management. In particular, the guide addresses the main concerns and opportunities to be explored to build and maintain an information structure containing data-driven decisions.

Direct Marketing, Documented Procedures, Management Review,
12 May 2022

Brazil: Chamber of Deputies approves bill to facilitate access to fingerprint database for investigation purposes 

The Public Security Commission of the Chamber of Deputies announced, on 11 May 2022, the approval of Bill No. 1392/21 to facilitate access to the National Multibiometric and Fingerprint Bank, without the previous judge's authorisation, in order to facilitate law enforcement’s identification of citizens who have committed crimes. 

Law Enforcement, Legal Reform, Biometric Data,
12 May 2022

Brazil: Senate extends deadline for AI framework submissions 

The Senate announced, on 11 May 2022, that the deadline for suggestions from experts and other sectors of society related to the new regulatory framework on artificial intelligence ('AI') has been extended.

Legal Reform, Artificial Intelligence,
11 May 2022

Brazil: CNPD publishes resolution on its internal regulations 

The National Council for Data Protection ('CNPD') published, on 10 May 2022, in the Official Gazette, CNPD Resolution No. 1 of 6 May 2022 that establishes the internal regulations of the CNPD. In particular, among the various topics on the structuring of the CNPD, the Resolution addresses matters such as: 

Supervisory Authority,
06 May 2022

Brazil: Senate proposes bill to amend Penal Code qualifying computer device invasion as a crime 

The Brazilian Senate proposed, on 7 April 2022, Bill No. 879 of 2022 which would amend Decree-Law No. 2,848, of 7 December 1940 ('Penal Code') to qualify computer device invasion as a crime when personal data is obtained in this way, and create the crime of 'kidnapping of computer data'.  

Legal Reform, Public Sector, Cyber Risks and Threats, Cybersecurity,
05 May 2022

Brazil: ANPD publishes study on data processing for academic purposes and performance of studies by research bodies

The Brazilian data protection authority ('ANPD') published, on 3 May 2022, its technical study on the processing of personal data for academic purposes and the performance of studies by a research body under Law No. 13.709 of 14 August 2018, the General Personal Data Protection Law (as amended by Law No.

Fair and Lawful Processing, Legal Basis,
28 April 2022

Brazil: ANPD publishes updated guidance on data controllers, processors, and DPOs

The Brazilian data protection authority ('ANPD') published, on 27 April 2022, the Version 2.0 of its Guidance for Personal Data Processing Agents and Data Protection Officers ('DPO'), which was initially published on 28 May 2021.

Data Protection Officer Appointment, Data Protection Officer Tasks, Data Controller, Data Processor,
22 April 2022

Brazil: ANPD issues inspection notice on Ordinance authorising data sharing with third parties 

The Brazilian data protection authority ('ANPD') issued, on 20 April 2022, an official clarification note stating that it was made aware of the publication of Ordinance No.

Fair and Lawful Processing, Transparency, Investigations, Legal Reform,
20 April 2022

Brazil: Ministry of Economy publishes ordinance on sharing of personal data with third parties

The Ministry of Economy published, on 19 April 2022, Ordinance No. 167 authorising the Federal Service for Data Processing ('SERPRO') to provide third parties with access to data subject's personal data, under the management of the Special Secretariat of the Federal Revenue Service of Brazil ('RFB').

Informing Third Parties, Personal Data, Public Sector,
See all LGPD Insights
Jun 2022

Brazil: ESG regulation in Brazil - Part one: Exploring the 'E'

Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.

Environmental, Social, and Governance,
May 2022

Brazil: Updated guidance on DPOs

Almost one year after the publication of the Brazilian data protection authority's ('ANPD') first guidelines ('the Guidelines'), which address the definitions of processing agents and general requirements for data protection officers ('DPOs'), the regulator has issued an updated version with a few modifications1, mostly aimed at clari

Data Protection Officer Appointment, Data Protection Officer Tasks,
Apr 2022

Brazil: New data protection regulations for banks

The rules for banks in Brazil are changing, with new rules and regulations for such institutions to abide by. Ana Carolina Ferreira de Melo Brito, Rodrigo da Fonseca Chauvet, and Fabiana Cicchetto, from Trigueiro Fontes Advogados, discuss these developments and their impact.

Financial Services,
Mar 2022

Brazil: Data protection in the cryptocurrency market

The proliferation of cryptocurrency as a means of payment in recent times has made it all the more necessary to examine the data privacy aspects of this technology. Maria Godoy, Privacy Consultant at Hitachi Systems Security Inc., discusses this topic in the Brazilian context.

Virtual Currency,
Mar 2022

Brazil: The first year of operation of the ANPD

The Brazilian data protection authority ('ANPD') was established by the Article 55-A of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').

Legal Reform, Supervisory Authority,
Feb 2022

Brazil: ANPD regulation on applicability of LGPD to small processing agents

The Brazilian data protection authority ('ANPD') has been active in the past months, with the publication of various guidance documents pertaining to Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and aimed at facilitating compliance.

Data Protection Officer Appointment, Records of Processing, Legal Reform, Cybersecurity, Incident and Breach,
Jan 2022

Brazil: Technological innovations in the real estate market and the LGPD

In light of technological innovations profoundly impacting market and business performance, questions on how to align requirements and provisions of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') with the dynamics and challenges of the real estate market arise.

Competition, Law Enforcement, Facilitation of Data Subject Rights, Personal Data,
Jan 2022

Brazil: The LGPD and the financial sector

The Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD'), enacted in August 2018, took effect on 18 September 2020.

Financial Services,
Dec 2021

Brazil: Children's data under the LGPD

The entry into force of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.

Protection for Minors, Education, Internet,
Dec 2021

Brazil: ANPD regulation on enforcement

Following public consultation on the matter, the Brazilian data protection authority1 ('ANPD') approved, on 29 October 2021, Regulation CD/ANPD No. 1 ('the Regulation'), regarding the monitoring and enforcement of administrative sanctions by the ANPD. The Regulation entered into effect on the same day it was enacted.

Enforcement - Other, Enforcement - Penalties, Supervisory Authority,
Nov 2021

Brazil: Proposed AI regulation

Artificial intelligence ('AI') and the regulation thereof is a highly contentious topic, and in Brazil this is no different. Simone Mendes Santinato, Director - Privacy and Data Protection Business Unit at Novared Brasil, discusses this in relation to recent proposed legislation and the controversies that this has stirred.

Nondiscrimination, Legal Reform, Artificial Intelligence,
Nov 2021

Brazil: COVID-19 vaccination and related privacy issues

Measures taken throughout the COVID-19 pandemic have brought into the focus the issue of balancing privacy with other fundamental rights, a conflict which is also present with regards to vaccinations and vaccine passports. Rodrigo Berthier da Silva, Attorney at Law at Berthier Advogados Associados, discusses how this topic has developed in Brazi

Proportionality, Right to Privacy, Health and Pharmaceutical, Medical Data,

LGPD v GDPR

Request a jurisdiction

GDPR Benchmark

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Request a jurisdiction

Scope Benchmark

    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Request a jurisdiction

Rights Benchmark

    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Inconsistent

  • Australia

    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Request a jurisdiction

Enforcement Benchmark

    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Brazil - Data Breach

Breach Notification - To Affected Individuals
Breach Notification - To Authorities
Breach Notification - To Data Controllers
Incident Response

Brazil - Data Processing Notification

Registration

Brazil - Employment

Employment

Brazil - Data Protection Officer Appointment

Data Protection Officer Appointment
Data Protection Officer Tasks

Brazil - Data Protection Overview

Legal Reform
Personal Data

Brazil - Data Subject Rights

Facilitation of Data Subject Rights

Brazil - Emarketing

Direct Marketing
Email Marketing

Brazil - Employee Monitoring

Employee Monitoring

Brazil - Data Protection Impact Assessment

Privacy Impact Assessments

Brazil - Health and Pharma Overview

Health and Pharmaceutical

Brazil - Postal Marketing

Direct Marketing
Postal Marketing

Brazil - SMS/MMS Marketing

Direct Marketing
SMS | MMS Marketing

Brazil - Telemarketing

Direct Marketing
Telemarketing

Brazil - Third Country Assessment

Schrems II
Cross-Border Data Transfer
Third Countries

Brazil - Vendor Privacy Contracts

Vendor Contracts
Vendor Management

Brazil - Whistleblowing

Whistleblowing

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.