The OneTrust DataGuidance Operationalizing the LGPD report aims to help with the understanding of core concepts outlined by Lei Geral de Proteção de Dados Pessoais (LGPD) - Brazil’s General Data Protection Law. 

Following the release of our updated Comparing privacy laws: GDPR v. LGPD report and the recent LGPD is here: What you need to know webinar, the new report will help privacy professionals understand compliance with the LGPD, Brazil’s sweeping data protection law which entered into force on September 18, 2020. 

What is the LGPD? 

The LGPD is a data protection law in Brazil, the provisions of which are comparable to the EU’s General Data Protection Regulation (GDPR). The LGPD places requirements on businesses relating to the protection of personal data of data subjects in Brazil.  

Data controllers that fall under the scope of the LGPD are required to appoint a Data Protection Officer (DPO), ensure they have legal bases for the processing of personal data, and have public policies relating to how they collect, process, and store personal data, among other things.  

 The LGPD also includes provisions for data breach notifications, the processing of sensitive personal data, and data subject rights such as the right to access, deletion, and data portability.  

Compliance with the provisions of the LGPD is overseen by the Autoridade Nacional de Proteção de Dados (ANPD). The ANPD is tasked with investigating non-compliance, handling complaints lodged by data subjects, and promoting public awareness of the law. 

When does the LGPD come into effect in Brazil? 

The LGPD entered into effect on September 18, 2020, and penalties and administrative sanctions became enforceable on August 1, 2021.  

Expert insight on LGPD compliance 

This report was produced in collaboration with our network of contributors in Brazil, including Alan Campos Eliaz Thomas, Partner at AT Advogados, Felipe Palhares, Partner at Barbosa Müssnich Aragão Advogados, and Patricia Peck Pinheir and Bruna Michele Wozne Godoy, Partner and Associate respectively at PG Advogados, and sheds light on one of the most discussed privacy laws to come into force in recent years. 

Operationalizing Brazilian data protection law 

Operationalizing the LGPD includes four detailed articles to help data controllers and data processors understand how to approach the LGPD. These cover key topics including breach notification, data subject rights, vendor management, and data mapping. The report will help you build and maintain your LGPD compliance program and highlight crucial steps you can take to stay ahead of the curve. 

Articles in the report include:  

• Data subject requests (DSARs) and breach notification requirements 
• Data mapping and data protection impact assessments (DPIAs) 
• Consent and other legal bases 
• Vendor risk management 

Download the report to learn more about how your organization can operationalize the requirements of the LGPD.  

Visit the OneTrust DataGuidance Resource Library for more reports from the Comparing Privacy Laws series as well as webinars, whitepapers, and infographics.