Lei Geral de Proteção de Dados Pessoais (LGPD) has been an enforceable law since August 15th, 2020, and is modelled after the European GDPR in creating a legal framework for how personal data is allowed to be handled in Brazil.
The legislation empowers data subjects with nine rights, defines what constitutes personal data, and creates ten legal bases for lawful processing. It also puts the responsibility on companies and organizations to appoint a Data Protection Officer (DPO).
The LGPD applies to all companies that handle the personal information of Brazilian residents, whether they are located in Brazil or not. Fines up to $12,300,000 or 2% of an organisation’s annual turnover within Brazil (whichever is greater) are enforced by a newly formed data protection authority (the ANPD) within the country.
For updates on changes in legislation
Sign Up for Vox updates on LGPD
Follow the Legislative updates by clicking on the link
to the the LGPD updates website