Brazil’s General Data Protection Law (LGPD) owes a lot to the EU’s General Data Protection Regulation (GDPR).
Brazil’s General Data Protection Law (LGPD) owes a lot to the EU’s General Data Protection Regulation (GDPR).
However, this does not mean that the LGPD is a carbon copy of the GDPR. Instead, the two laws have several crucial differences that companies that operate in Brazil need to know.
The LGPD came into force on May 3, 2021, but the application of fines and sanctions will only take effect on August 1, 2021. The LGPD establishes new legal guidelines for the collection, processing, use, and storage of personal information obtained from or related to individuals in Brazil irrespective of the data processor’s location.
Before the adoption of the LGPD, the data protection legal system in Brazil was sector-specific and mainly overseen by the country’s Civil Rights Framework for the Internet, which is commonly referred to as the Internet Act, and the Consumer Protection Code.
Explore more privacy compliance insights and best practices
Learn more about what LGDP is here.
Take a look at the 2022 LGPD updates.
The LGPD controls the gathering and utilization of personal information. In the context of this law, personal information refers to the data that can be linked to an identified or identifiable natural person, which is in either non-digital or digital format.
A unique aspect of LGPD’s definition of personal information is the fact that it does not provide examples of what constitutes personal data.
Apart from personal information, LGPD also oversees sensitive personal information. Under this law, personal information is described as data connected to a person’s;
However, similar to GDPR, LGPD outlines certain exceptions concerning its application to personal data.
Primarily, this regulation does NOT apply to anonymous information or data used for the following purposes;
The LGPD applies to controllers and processors of personal information. A controller is a natural or legitimate party that determines how and why to obtain and process personal data. On the other hand, a processor is any entity that handles the data as instructed by the controller.
Similar to both the GDPR and the CCPA, LGPD applies to all sectors. Furthermore, the regulation is also characterized by an extraterritorial application.
Primarily, the scope of the LGPD covers any person, company, public or private, irrespective of where it is located, that;
How the LGPD will be implemented means that an organization collecting or processing personal information of Brazilians does not to be headquartered in the country for it to be subject to this law.
Similar to the CCPA and LGPD, failure to comply with the LGPD when it comes into effect can lead to severe consequences for a business.
Essentially, LGPD sanctions can result in;
Businesses operating in Brazil must streamline their practices to ensure that they comply with the LGPD by August 2021. The preliminary steps towards achieving compliance include;
Identify where to begin, what shortcomings exist in your privacy practices, and create a focused action plan with the help of a data privacy law expert by booking a call with us today.
Schedule a call to learn more
Check out the latest updates to LGPD here.
- Learn more about the LGPD by downloading your free e-book today
