LGPD (Lei Geral de Proteção de Dados Pessoais) is Brazil's comprehensive data protection law that establishes rules for collecting, processing, storing, and sharing personal data. Enacted in 2018 and effective since September 2020, it closely mirrors the EU's GDPR in many aspects while incorporating unique Brazilian elements.
The law represents Brazil's first comprehensive framework for personal data protection, applying to both public and private sectors. It aims to protect individual privacy rights while enabling business innovation and digital transformation.
Key aspects include strict consent requirements, data subject rights, mandatory breach notifications, and significant penalties for non-compliance. The law applies to any organization processing Brazilian residents' data, regardless of where the organization is located.
Territorial Scope:
Material Scope:
Legal Bases for Processing:
Article 7 defines 10 legal bases including:Data Subject Rights:
Security Requirements:
Article 46 mandates:Data Protection Officer:
Security Measures:
Article 47 requires:Penalties:
Oversight:
Original Timeline:
Compliance Deadlines:
Article 65 established 18-month adaptation periodThe LGPD represents a significant shift in Brazil's data protection landscape, requiring substantial operational changes for organizations while providing enhanced privacy rights for individuals.
If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page