In August 2018, Brazil approved a new data privacy regulation referred to as the Lei

Geral de Protecao de Dados (LGPD) with its enforcement expected to commence in August

2020. Commonly described as the General Data Protection Law, the adoption of this law in

Brazil came at a period termed as a watershed moment for data privacy regulations globally.

Primarily, the European Union's General Data Protection Regulation (GDPR) came into

effect on May 2018, while the California Consumer Privacy Act (CCPA) was also passed in

June 2018.

Brazil’s LGPD introduces new regulations concerning the collection, use, processing,

and storage of personal information in both electronic and physical form. Before the adoption

of LGPD, the data safety oversight structure in Brazil was sector-based and regulated by the

country’s Internet Act as well as the Consumer Protection Code. This article provides an

overview of what you need to know about Brazil’s New Data Protection Law.

What does LGPD Regulate?

LGPD oversees the gathering and utilization of personal information. In this case,

personal information is described as data connected to an identified or identifiable natural

person on both digital and physical form. Additionally, this law oversees sensitive personal

information, which is identified as data connected to an individual’s ethnicity, religious

conviction, political views, union membership, political organization affiliation, health,

sexual preference, and genetic details.

On the other hand, LGPD does not apply to the processing of anonymous data or

personal data employed for family, artistic, journalistic, academic, or state security reasons.

Additionally, this regulation does not oversee business-to-business data.

Who is impacted by LGPD?

 This law controls holders and processors of personal information. Essentially, holders

are the natural or authorized parties who determine how and why to gather and process

personal information. In contrast, processors are the parties that manipulate the collected

information in line with the holder’s instructions.

In terms of its scope, LGPD applies across all sectors, in addition to having

extraterritorial application. Therefore, it applies to any person or organization that is either;

Gathering or processing personal information in Brazil; or

Intends to provide goods or services to Brazilian citizens

Regardless of whether an individual or organization is public or private, they are

subject to LGPD oversight if they engage in the abovementioned activities. Similarly, the

residency of the individual or organization is inconsequential when it comes to LGPD

oversight provided they handle personal data from Brazilian residents.

The penalties of non-compliance with this law include fines of up to 2% of the firm’s

gross income earned in Brazil or 50 million reais for any violation.

How does Secure Privacy help you with LGPD Compliance?

Secure Privacy offers complete easy-to-use solutions for LGPD compliance that can

be integrated seamlessly with any website. These solutions simplify cookie consent, cookie

monitoring, and cookie control to help your company and website avoid LGPD non-

compliance penalties.

Closing Statement
 Businesses have up to August 2020 to comply with LGPD. It is advisable to make

your company and website compliant to this regulation as early as possible. Request a demo

or try Secure Privacy’s solutions for free and become LGPD-compliant today.