Brazil General Data Protection Law
Comply with Brazil's General Data Protection Law ('LGPD')
The LGPD entered into force on 18 September 2020, although its enforcement provisions entered into effect on 1 August 2021. The LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and creates novel requirements on the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer appointments, Data Protection Impact Assessments, data transfers, and data breaches. It will be enforced by the Brazilian data protection authority ('ANPD') which, when established, is expected to provide important guidance and clarity on the provisions of the LGPD.
The LGPD has many similarities to the EU's GDPR, granting certain data privacy rights to data subjects in Brazil and requiring organisations that process personal data to meet specific data protection obligations.
OneTrust's LGPD solutions are backed by AI, robotic automation and regulatory research, ensuring quick time to value, efficiency and unparalleled guidance as you build, adapt, and mature your LGPD program.
Find out more about OneTrust's full suite of solutions here.
Operationalising the LGPD
OneTrust DataGuidance, in collaboration with its network of Brazilian privacy experts, are producing a series of articles examining the core operational aspects for organisations to consider.
Read Part One - DSARs & breach notification requirements
Read Part Two - Data mapping & assessments
Read Part Three - Consent and other lawful bases
Read Part Four - Vendor risk management
Read Privacy policies under the LGPD
Read LGPD v. GDPR
Read LGPD v. CCPA
LGPD v. GDPR Benchmark
OneTrust DataGuidance and Baptista Luz Advogados have produced a free LGPD v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the LGPD comparative to the GDPR. You can also leverage this information through our LGPD v. GDPR Comparison in the tab above.
Brazil Privacy Landscape Overview
Watch our Brazil Overview video to understand the state of privacy in Brazil in today.
Provisional Measure No. 1,124 of 13 June 2022 was published, on 13 June 2022, in the Official Gazette, amending Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and transforming the Brazilian data protection authority ('ANPD') into an autonomous body of special nature.
The National Telecommunications Agency ('Anatel') issued, on 3 June 2022, a Precautionary Measure No. 160/2022/COGE/SCO on robocalls, with the aim of reducing the volume of such calls, without affecting usual telemarketing services.
The Brazilian data protection authority ('ANPD') announced, on 2 June 2022, that it is conducting a public survey to identify topics and formats for the implementation of educational activities, with the aim of promoting a culture of education on privacy.
The Brazilian data protection authority ('ANPD') issued, on 25 May 2022, the third Technical Note No. 49/2022/CGF/ANPD on the analysis of the adequacy of Whatsapp LLC's privacy policy with Law No. 13.709 of 14 August, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Brazilian data protection authority ('ANPD') released, on 26 May 2022, recommendations to the government on its web portal and adequacy with cookie collection practices in line with Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Federal Government published, on 19 May 2022, Decree No. 11.075 of 19 May 2022 which establishes the procedures for the preparation of Sectoral Plans for Mitigation of Climate Change and institutes the National System for the Reduction of Greenhouse Gas Emissions.
The Brazilian data protection authority ('ANPD') announced, on 18 May 2022, that as of the same date, it is accepting comments and submissions for the preparation of regulations on international data transfers.
The Interactive Advertising Bureau of Brazil ('IAB Brazil') published, on 29 April 2022, its Guide on Efficient Data Management. In particular, the guide addresses the main concerns and opportunities to be explored to build and maintain an information structure containing data-driven decisions.
The Public Security Commission of the Chamber of Deputies announced, on 11 May 2022, the approval of Bill No. 1392/21 to facilitate access to the National Multibiometric and Fingerprint Bank, without the previous judge's authorisation, in order to facilitate law enforcement’s identification of citizens who have committed crimes.
The Senate announced, on 11 May 2022, that the deadline for suggestions from experts and other sectors of society related to the new regulatory framework on artificial intelligence ('AI') has been extended.
The National Council for Data Protection ('CNPD') published, on 10 May 2022, in the Official Gazette, CNPD Resolution No. 1 of 6 May 2022 that establishes the internal regulations of the CNPD. In particular, among the various topics on the structuring of the CNPD, the Resolution addresses matters such as:
The Brazilian Senate proposed, on 7 April 2022, Bill No. 879 of 2022 which would amend Decree-Law No. 2,848, of 7 December 1940 ('Penal Code') to qualify computer device invasion as a crime when personal data is obtained in this way, and create the crime of 'kidnapping of computer data'.
The Brazilian data protection authority ('ANPD') published, on 3 May 2022, its technical study on the processing of personal data for academic purposes and the performance of studies by a research body under Law No. 13.709 of 14 August 2018, the General Personal Data Protection Law (as amended by Law No.
The Brazilian data protection authority ('ANPD') published, on 27 April 2022, the Version 2.0 of its Guidance for Personal Data Processing Agents and Data Protection Officers ('DPO'), which was initially published on 28 May 2021.
The Brazilian data protection authority ('ANPD') issued, on 20 April 2022, an official clarification note stating that it was made aware of the publication of Ordinance No.
The Ministry of Economy published, on 19 April 2022, Ordinance No. 167 authorising the Federal Service for Data Processing ('SERPRO') to provide third parties with access to data subject's personal data, under the management of the Special Secretariat of the Federal Revenue Service of Brazil ('RFB').
Environmental, social, and governance ('ESG') has become an area that organisations are increasingly expected to pay close attention towards in their business practices.
Almost one year after the publication of the Brazilian data protection authority's ('ANPD') first guidelines ('the Guidelines'), which address the definitions of processing agents and general requirements for data protection officers ('DPOs'), the regulator has issued an updated version with a few modifications1, mostly aimed at clari
The rules for banks in Brazil are changing, with new rules and regulations for such institutions to abide by. Ana Carolina Ferreira de Melo Brito, Rodrigo da Fonseca Chauvet, and Fabiana Cicchetto, from Trigueiro Fontes Advogados, discuss these developments and their impact.
The proliferation of cryptocurrency as a means of payment in recent times has made it all the more necessary to examine the data privacy aspects of this technology. Maria Godoy, Privacy Consultant at Hitachi Systems Security Inc., discusses this topic in the Brazilian context.
The Brazilian data protection authority ('ANPD') was established by the Article 55-A of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD').
The Brazilian data protection authority ('ANPD') has been active in the past months, with the publication of various guidance documents pertaining to Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') and aimed at facilitating compliance.
In light of technological innovations profoundly impacting market and business performance, questions on how to align requirements and provisions of Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD') with the dynamics and challenges of the real estate market arise.
The Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD'), enacted in August 2018, took effect on 18 September 2020.
The entry into force of the Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No.
Following public consultation on the matter, the Brazilian data protection authority1 ('ANPD') approved, on 29 October 2021, Regulation CD/ANPD No. 1 ('the Regulation'), regarding the monitoring and enforcement of administrative sanctions by the ANPD. The Regulation entered into effect on the same day it was enacted.
Artificial intelligence ('AI') and the regulation thereof is a highly contentious topic, and in Brazil this is no different. Simone Mendes Santinato, Director - Privacy and Data Protection Business Unit at Novared Brasil, discusses this in relation to recent proposed legislation and the controversies that this has stirred.
Measures taken throughout the COVID-19 pandemic have brought into the focus the issue of balancing privacy with other fundamental rights, a conflict which is also present with regards to vaccinations and vaccine passports. Rodrigo Berthier da Silva, Attorney at Law at Berthier Advogados Associados, discusses how this topic has developed in Brazi
LGPD v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in