Upgrade to a premium account to save this to your customizable Workspace
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Brazil General Data Protection Law
Comply with Brazil's General Data Protection Law ('LGPD')
The LGPD entered into force on 18 September 2020, although its enforcement provisions entered into effect on 1 August 2021. The LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and creates novel requirements on the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer appointments, Data Protection Impact Assessments, data transfers, and data breaches. It will be enforced by the Brazilian data protection authority ('ANPD') which, when established, is expected to provide important guidance and clarity on the provisions of the LGPD.
The LGPD has many similarities to the EU's GDPR, granting certain data privacy rights to data subjects in Brazil and requiring organisations that process personal data to meet specific data protection obligations.
OneTrust's LGPD solutions are backed by AI, robotic automation and regulatory research, ensuring quick time to value, efficiency and unparalleled guidance as you build, adapt, and mature your LGPD program.
Find out more about OneTrust's full suite of solutions here.
Operationalising the LGPD
OneTrust DataGuidance, in collaboration with its network of Brazilian privacy experts, are producing a series of articles examining the core operational aspects for organisations to consider.
Read Part One - DSARs & breach notification requirements
Read Part Two - Data mapping & assessments
Read Part Three - Consent and other lawful bases
Read Part Four - Vendor risk management
Read Privacy policies under the LGPD
Read LGPD v. GDPR
Read LGPD v. CCPA
LGPD v. GDPR Benchmark
OneTrust DataGuidance and Baptista Luz Advogados have produced a free LGPD v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the LGPD comparative to the GDPR. You can also leverage this information through our LGPD v. GDPR Comparison in the tab above.
Brazil Privacy Landscape Overview
Watch our Brazil Overview video to understand the state of privacy in Brazil in today.
The Senate announced, on 1 December 2022, the approval of the new draft regulatory framework on artificial intelligence ('AI') by the Commission of Jurists established for the AI Framework.
The Brazilian data protection authority ('ANPD') announced, on 8 November 2022, that it had approved its regulatory agenda for the biennium 2023-2024.
The Brazilian data protection authority ('ANPD') released, on 4 November 2022, a draft record of personal data processing activities ('ROPA') template for small processing agents and is requesting public comments on the same.
The Brazilian data protection authority ('ANPD') published, on 18 October 2022, Guidance on Cookies and Personal Data Protection. In particular, the guidance seeks to identify positive and negative practices associated with the use of cookie policies and cookie banners.
The Chamber of Deputies announced, on 11 October 2022, that it had approved Provisional Measure No. 1,124/22, which transforms the ANPD into an agency of a special nature, granting administrative autonomy to the body.
The Federal Communications Commission ('FCC') announced, on 26 September 2022, that it had signed Memoranda of Understanding ('MoU') with the Brazilian National Telecommunications Agency ('Anatel') and the Romanian National Authority for Management and Regulation in Communications ('ANCOM').
The Brazilian data protection authority ('ANPD') announced, on 29 August 2022, that it is seeking opinions on high-risk processing and issued a questionnaire for this purpose. In particular, the ANPD outlined that Article 4 of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.
The Ministry of Justice and Public Security ('MJSP') announced, on 23 August 2022, that its National Consumer Secretariat ('Senacon') had issued, on the same date, a decision in which it imposed a fine of BRL 6.6 million (approx. €1,290,000) to Facebook, Inc. following the unlawful sharing of personal data of Brazilians.
The Brazilian data protection authority ('ANPD') released, on 16 August 2022, a draft resolution on the application of the administrative sanctions.
The Chamber of Deputies announced, on 12 August 2022, Bill 1515/22 which regulates the application of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.
The Brazilian data protection authority ('ANPD') announced, on 5 August 2022, that it is accepting public comments on its regulatory agenda for the biennium 2023-2024.
The Ministry of Justice and Public Security ('MJPS') announced, on 27 July 2022, that the National Consumer Secretariat ('Senacon') had initiated administrative proceedings against 23 companies for abusive telemarketing practices, for violations of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.
The Ministry of Justice and Public Security ('MJPS') announced, on 20 July 2022, that it had created a reporting channel for unlawful telemarketing activities.
The Ministry of Justice and Public Security ('MJPS') announced, on 18 July 2022, that 180 Brazilian companies were suspended due to abusive telemarketing practices.
Background to the case
The Brazilian data protection authority ('ANPD') released, on 7 July 2022, its Semi-Annual Report on Monitoring and Implementation of the Regulatory Agenda. According to the ANPD, the report aims to show that the supervisory authority is in compliance with Article 4 of the Ordinance No.
The Brazilian data protection authority ('ANPD') announced, on 30 June 2022, that it will implement some visual changes and restrict the content of its websites and official social networks from 1 July 2022 to 2 October 2022, which may be extended until the 30th of October as a result of the 2022 election closure period in Brazil.
Over two years on from the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') entering into force, the regulatory framework for the enforcement of its provisions continues to take shape.
Both Brazil and Chile have existing data protection frameworks which have, in part, been influenced by the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Brazil is currently in the process of fleshing out its approach to regulating cookies, with more extensive guidance on the way. Celina Bottino, Vinicius Padrão, and Flávia Parra Cano, from Rennó, Penteado, Sampaio Advogados, discuss current developments in this area and the relevance of approaches taken in the EU on this matter.
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Almost one year after the publication of the Brazilian data protection authority's ('ANPD') first guidelines ('the Guidelines'), which address the definitions of processing agents and general requirements for data protection officers ('DPOs'), the regulator has issued an updated version with a few modifications1, mostly aimed at clari
The rules for banks in Brazil are changing, with new rules and regulations for such institutions to abide by. Ana Carolina Ferreira de Melo Brito, Rodrigo da Fonseca Chauvet, and Fabiana Cicchetto, from Trigueiro Fontes Advogados, discuss these developments and their impact.
The proliferation of cryptocurrency as a means of payment in recent times has made it all the more necessary to examine the data privacy aspects of this technology. Maria Godoy, Privacy Consultant at Hitachi Systems Security Inc., discusses this topic in the Brazilian context.
The Brazilian data protection authority ('ANPD') was established by the Article 55-A of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Brazilian data protection authority ('ANPD') has been active in the past months, with the publication of various guidance documents pertaining to Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and aimed at facilitating compliance.
The entry into force of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.
LGPD v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
