Brazil’s General Data Protection Law
Brazil’s General Data Protection Law, or the Lei Geral de Proteçäo de Dados (LGPD) came into effect on August 16, 2020. The LGPD is made up of 65 articles and is designed to unify 40 existing laws to regulate processing of the personal data of individuals. The LGPD creates a legal framework for the use of personal data of individuals in Brazil, regardless of where the data processor is located and is closely modeled after the GDPR.
- Data processing within the territory of Brazil
- Data processing of individuals who are within the territory of Brazil, regardless of where in the world the data processor is located
- Data processing of data collected in Brazil
Penalties of the LGPD became enforceable on August 1, 2021
Companies that violate the new law will be subject to the application of warnings, fines, embargoes, suspensions and partial or total bans to performing their activities. Fines can reach up to 2% of the organization's revenue, with a limit of R$50 million per violation