Brazil General Data Protection Law
Comply with Brazil's General Data Protection Law ('LGPD')
The LGPD entered into force on 18 September 2020, although its enforcement provisions entered into effect on 1 August 2021. The LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and creates novel requirements on the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer appointments, Data Protection Impact Assessments, data transfers, and data breaches. It will be enforced by the Brazilian data protection authority ('ANPD') which, when established, is expected to provide important guidance and clarity on the provisions of the LGPD.
The LGPD has many similarities to the EU's GDPR, granting certain data privacy rights to data subjects in Brazil and requiring organisations that process personal data to meet specific data protection obligations.
OneTrust's LGPD solutions are backed by AI, robotic automation and regulatory research, ensuring quick time to value, efficiency and unparalleled guidance as you build, adapt, and mature your LGPD program.
Find out more about OneTrust's full suite of solutions here.
LGPD v. GDPR Benchmark
OneTrust DataGuidance and Baptista Luz Advogados have produced a free LGPD v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the LGPD comparative to the GDPR. You can also leverage this information through our LGPD v. GDPR Comparison in the tab above.
Brazil Privacy Landscape Overview
Watch our Brazil Overview video to understand the state of privacy in Brazil in today.
The Brazilian Data Protection Authority (ANPD) released, on August 22, 2023, its report on the regulatory agenda for 2023 to 2024. The report contains 20 priority themes for its reference period and provides an overview of ongoing projects and accomplishments, reflecting the ANPD's commitment to safeguarding data privacy.
The Brazilian Data Protection Authority (ANPD) released, on August 18, 2023, its first Monitoring Cycle Report. The report includes the ANPD's activity report for 2022, as well as an action proposal for 2023.
Activity report for 2022
The Brazilian Data Protection Authority (ANPD) released, on August 16, 2023, its preliminary study on the legal basis of legitimate interest and is requesting public comments on the same.
The Brazilian Data Protection Authority (ANPD) released, on August 15, 2023, a draft Resolution on International Transfers of Personal Data and Model Standard Contractual Clauses and is requesting public comments on the same.
Scope
On August 9, 2023, the Brazilian Senate announced that a special commission would be created to debate the Bill to regulate artificial intelligence.
On July 7, 2023, the Brazilian data protection authority (ANPD) announced that it has initiated studies to analyze the processing of personal data by Meta Platforms, Inc. via its recently launched social network, Threads.
On July 6, 2023, the Brazilian data protection authority (ANPD) published its preliminary analysis of Bill No. 2338/2023 on artificial intelligence (AI). In particular, the analysis presents the points of convergence and conflict between the bill and the General Personal Data Protection Law (LGPD).
The Brazilian data protection authority (ANPD) published, on July 6, 2023, its decision in Sanctioning Administrative Process No. 00261.000489/2022-62, in which it imposed a warning and fines totaling BRL 14,400 (approx.
The Brazilian data protection authority (ANPD) published, on June 14, 2023, a model records of personal data processing activities (ROPA) template for small processing agents, following public consultation.
The Brazilian data protection authority (ANPD) published, on May 31, 2023, a list of the organizations and institutions that are under investigation in regard to compliance with the General Personal Data Protection Law (LGPD).
On May 24, 2023, the Brazilian data protection authority (ANPD) released a statement that aims to standardize the interpretation of the General Law on Personal Data Protection (LGPD) with regard to the processing of children and adolescents' data.
The Brazilian data protection authority ('ANPD') released, on 12 May 2023, a technical note which examines a series of findings on the use of personal data in the pharmaceutical sector. In particular, the ANPD highlighted that the study concluded that some personal data processing practices were not yet in full compliance with the applicable leg
The Brazilian Senate announced, on 12 May 2023, that it will analyse Bill No. 2338 of 2023 to regulate artificial intelligence ('AI') systems in Brazil.
The Brazilian data protection authority (ANPD) released, on May 2, 2023, a draft standard on the communication of security incidents with personal data and is requesting public comments on the same. In particular, the ANPD clarified that the draft standard is in line with Article 48 of the Law No.
The Brazilian data protection authority ('ANPD') published, on 6 April 2023, a question and answer ('Q&A') on Data Protection Impact Assessments ('DPIA').
The Brazilian data protection authority ('ANPD') issued, on 31 March 2023, a statement on data protection officer ('DPO') compliance and performance under the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Brazilian Federal Senate established a commission of legal experts ('the AI Commission') who were commissioned with the task of drafting an Artificial Intelligence Legal Framework ('AI Legal Framework').
Over two years on from the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') entering into force, the regulatory framework for the enforcement of its provisions continues to take shape.
Both Brazil and Chile have existing data protection frameworks which have, in part, been influenced by the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
In this report, OneTrust DataGuidance and Baptista Luz Advogados provide a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (LGPD).
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Brazil is currently in the process of fleshing out its approach to regulating cookies, with more extensive guidance on the way. Celina Bottino, Vinicius Padrão, and Flávia Parra Cano, from Rennó, Penteado, Sampaio Advogados, discuss current developments in this area and the relevance of approaches taken in the EU on this matter.
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
The Brazilian data protection authority ('ANPD') was established by the Article 55-A of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Brazilian data protection authority ('ANPD') has been active in the past months, with the publication of various guidance documents pertaining to Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and aimed at facilitating compliance.
LGPD v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in