The Lei Geral de Proteção de Dados (LGPD) is a data protection law in Brazil that aims to protect personal data. It became effective in September 2020 and applies to all individuals and businesses processing personal data in the country, regardless of their location. The LGPD provides Brazilian individuals with the right to access, correct, and delete their personal data. Additionally, businesses are required to obtain valid consent from individuals before processing their data. The law is designed to enhance the protection of personal data and promote transparency and accountability in data processing practices.
The LGPD applies to all individuals and businesses that process personal data in Brazil, regardless of where they are based. This means that the law applies to both Brazilian and foreign entities that process personal data in Brazil, including companies that offer goods or services to Brazilian individuals, collect data from individuals located in Brazil, or monitor the behavior of individuals in Brazil. It's important to note that failure to comply with the LGPD may result in fines of up to 2% of a business's gross revenue in Brazil, with a maximum penalty of 50 million Brazilian reais per violation.