BRAZIL-LGPD
Brazil LGPD compliance regulation modern detailed.
Definition
Brazil LGPD (Lei Geral de Protecao de Dados Pessoais, Lei 13709/2018 published August 2018, effective 18 September 2020 + sanctions effective 1 August 2021) is the GDPR-inspired Brazilian data protection law regulating processing of personal data of individuals in Brazil by data controllers + processors (regardless of where established), implements rights similar GDPR (access + correct + delete + portability + opt-out + multiple), legal bases for processing + required Data Protection Officer + breach notification + Records of Processing Activities + ANPD (Autoridade Nacional de Protecao de Dados) supervisory authority. Technical detail + application scope + compliance obligations + non-compliance sanctions + reporting processes + impact on in-scope companies + alignment with adjacent national + international regulations + governance + supervisory authorities + implementation timeline + transitions + case law + industry best practices documentation adoption.
Origin
LGPD Lei 13709/2018 published August 2018 ; effective 18 September 2020 ; sanctions 1 August 2021 ; ANPD supervisory authority.
Example in context
Brazilian e-commerce Mercado Livre processes ~200M user personal data: LGPD compliance includes (1) Updated Brazilian Portuguese privacy notices, (2) DPO appointed + registered with ANPD, (3) Records of Processing Activities (Registro de Operacoes de Tratamento) maintained, (4) Data subject rights request portal + responses within ~15 days legal deadline, (5) Data breach notification ANPD + affected users 'reasonable timeframe' + ANPD-issued guidance reaffirms.
Related terms
- GDPR v3 — inspiring model.