What is LGPD?

The Lei Geral de Proteção de Dados (LGPD) is a data protection law in Brazil that aims to protect personal data. It became effective in September 2020 and applies to all individuals and businesses processing personal data in the country, regardless of their location. The LGPD provides Brazilian individuals with the right to access, correct, and delete their personal data. Additionally, businesses are required to obtain valid consent from individuals before processing their data. The law is designed to enhance the protection of personal data and promote transparency and accountability in data processing practices.

Where does the LGPD apply to?

The LGPD applies to all individuals and businesses that process personal data in Brazil, regardless of where they are based. This means that the law applies to both Brazilian and foreign entities that process personal data in Brazil, including companies that offer goods or services to Brazilian individuals, collect data from individuals located in Brazil, or monitor the behavior of individuals in Brazil. It's important to note that failure to comply with the LGPD may result in fines of up to 2% of a business's gross revenue in Brazil, with a maximum penalty of 50  million Brazilian reais per violation.

Frequently Asked Questions

How can I ensure LGPD compliance for my business?

To ensure LGPD compliance, review and update privacy policies, obtain valid consent, implement security measures, appoint a Data Protection Officer (DPO) (if required), conduct data protection impact assessments, establish data subject rights procedures, and stay updated on ANPD guidelines and regulations.

What are the record-keeping requirements under the LGPD?

Under the LGPD, organizations must maintain records of their data processing activities, including the purposes, categories of personal data, recipients, data transfers, and security measures. These records help demonstrate compliance and should be readily accessible to the Brazilian Data Protection Authority (ANPD) upon request.

What are the penalties for non-compliance with the LGPD?

The penalties for non-compliance with LGPD (Lei Geral de Proteção de Dados) in Brazil can result in fines of up to 2% of the company's revenue in Brazil, capped at BRL 50 million per violation. Additional sanctions include warnings, data processing restrictions, and partial or total suspension of activities related to data processing.

Stay informed

Sign up for our newsletter to get the latest updates, thoughts, and ideas from Consentmo.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Is your site compliant?