Skip to main content

LGPD

logo

Summary

The Brazilian General Data Protection Law (LGPD) can be considered as Brazil's answer to the GDPR —with the Brazilian law aligning with the European Regulation in many ways, while differing in others. The LGPD aims at creating a new legal framework for the use of personal data in Brazil, both online and offline, in the private and public sectors. Last Update: October 2020.

Definitions

DefinitionRequirements
7_I. Requirements for the Processing of Personal Data
310. Request user consent
7_II. Requirements for the Processing of Personal Data
331. Guarantee legal compliance
7_III. Requirements for the Processing of Personal Data
314. Provide processing confirmation
7_VI. Requirements for the Processing of Personal Data
315. Provide processed data information
331. Guarantee legal compliance
7_X-3. Requirements for the Processing of Personal Data
045. Remove metadata when sharing files
261. Avoid exposing sensitive information
315. Provide processed data information
7_X-5. Requirements for the Processing of Personal Data
315. Provide processed data information
7_X-7. Requirements for the Processing of Personal Data
315. Provide processed data information
8-2. Requirements for the Processing of Personal Data
311. Demonstrate user consent
8-4. Requirements for the Processing of Personal Data
315. Provide processed data information
8-5. Requirements for the Processing of Personal Data
312. Allow user consent revocation
8-6. Requirements for the Processing of Personal Data
262. Verify third-party components
318. Notify third parties of changes
9. Requirements for the Processing of Personal Data
315. Provide processed data information
9_VII-2. Requirements for the Processing of Personal Data
301. Notify configuration changes
310. Request user consent
318. Notify third parties of changes
11_I. Processing of Sensitive Personal Data
310. Request user consent
14-1. Processing of Children and Adolescents Personal Data
310. Request user consent
14-2. Processing of Children and Adolescents Personal Data
314. Provide processing confirmation
315. Provide processed data information
15_I. Termination of Data Processing
360. Remove unnecessary sensitive information
15_III. Termination of Data Processing
312. Allow user consent revocation
16. Termination of Data Processing
183. Delete sensitive data securely
317. Allow erasure requests
360. Remove unnecessary sensitive information
18_I. Data Subjects Rights
314. Provide processing confirmation
18_II. Data Subjects Rights
085. Allow session history queries
18_III. Data Subjects Rights
316. Allow rectification requests
18_IV. Data Subjects Rights
322. Avoid excessive logging
360. Remove unnecessary sensitive information
18_VI. Data Subjects Rights
310. Request user consent
317. Allow erasure requests
18_IX. Data Subjects Rights
312. Allow user consent revocation
19. Data Subjects Rights
314. Provide processing confirmation
19_II-1. Data Subjects Rights
227. Display access notification
229. Request access credentials
20. Data Subjects Rights
316. Allow rectification requests
23_I. Rules
095. Define users with privileges
315. Provide processed data information
26. Rules
189. Specify the purpose of data collection
331. Guarantee legal compliance
46. Security and Secrecy of Data
095. Define users with privileges
096. Set user's required privileges
114. Deny access with inactive credentials
341. Use the principle of deny by default
51. Good Practice and Governance
331. Guarantee legal compliance
60. Final and Transitional Provisions
183. Delete sensitive data securely
312. Allow user consent revocation
317. Allow erasure requests
360. Remove unnecessary sensitive information
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Last updated on