Skip to main content

LGPD

logo

Summary

The Brazilian General Data Protection Law (LGPD) can be considered as Brazil's answer to the GDPR —with the Brazilian law aligning with the European Regulation in many ways, while differing in others. The LGPD aims at creating a new legal framework for the use of personal data in Brazil, both online and offline, in the private and public sectors. The version used in this section is LGPD 2019.

Definitions

DefinitionRequirements
7_I. Chances of carrying out personal data processing310. Request user consent
7_II. Chances of carrying out personal data processing331. Guarantee legal compliance
7_III. Chances of carrying out personal data processing314. Provide processing confirmation
7_VI. Chances of carrying out personal data processing315. Provide processed data information
331. Guarantee legal compliance
7_X-3. Chances of carrying out personal data processing045. Remove metadata when sharing files
261. Avoid exposing sensitive information
315. Provide processed data information
7_X-5. Chances of carrying out personal data processing315. Provide processed data information
7_X-7. Chances of carrying out personal data processing315. Provide processed data information
8-2. Consent of the personal data holder311. Demonstrate user consent
8-4. Consent of the personal data holder315. Provide processed data information
8-5. Consent of the personal data holder312. Allow user consent revocation
8-6. Consent of the personal data holder262. Verify third-party components
318. Notify third parties of changes
9. Personal data subject's right of access315. Provide processed data information
9_VII-2. Personal data subject's right of access301. Notify configuration changes
310. Request user consent
318. Notify third parties of changes
11_I. Processing of sensitive personal data310. Request user consent
14-1. Personal data of children and adolescents310. Request user consent
14-2. Personal data of children and adolescents314. Provide processing confirmation
315. Provide processed data information
15_I. Termination of processing of personal data360. Remove unnecessary sensitive information
15_III. Termination of processing of personal data312. Allow user consent revocation
16. Deletion of personal data183. Delete sensitive data securely
317. Allow erasure requests
360. Remove unnecessary sensitive information
18_I. Personal data subject's rights in relation to the controller314. Provide processing confirmation
18_II. Personal data subject's rights in relation to the controller085. Allow session history queries
18_III. Personal data subject's rights in relation to the controller316. Allow rectification requests
18_IV. Personal data subject's rights in relation to the controller322. Avoid excessive logging
360. Remove unnecessary sensitive information
18_IX. Personal data subject's rights in relation to the controller312. Allow user consent revocation
18_VI. Personal data subject's rights in relation to the controller310. Request user consent
317. Allow erasure requests
19. Personal data subject's requests314. Provide processing confirmation
19_II-1. Personal data subject's requests227. Display access notification
229. Request access credentials
20. Right to review decisions based on automated processing of personal data316. Allow rectification requests
23_I. Specific rules for the processing of personal data by the government095. Define users with privileges
315. Provide processed data information
23_III. Specific rules for the processing of personal data by the government-
26. Sharing personal data by the government189. Specify the purpose of data collection
331. Guarantee legal compliance
46. Technical and organizational measures095. Define users with privileges
096. Set user's required privileges
114. Deny access with inactive credentials
341. Use the principle of deny by default
51. Encouraging to adopt technical standards331. Guarantee legal compliance
60. Changes in marco civil internet183. Delete sensitive data securely
312. Allow user consent revocation
317. Allow erasure requests
360. Remove unnecessary sensitive information