LGPD

Subscribe to LGPD via RSS

Following lots of legislative uncertainty, Brazil has now formally enacted the country’s first general data protection law, Lei Geral de Proteção de Dados, or “LGPD.” While administrative sanctions do not go into effect until August 1, 2021, individuals and public prosecutors can now bring claims for losses and damages. Indeed, at least one public civil action has already been filed. LGPD is the first comprehensive general data protection law in Latin America. It was modeled after the EU’s GDPR. While there are many similarities, LGPD does introduce new concepts. Below are some of the key elements to keep in mind.
Continue Reading Brazil’s Comprehensive Privacy Law Now in Effect

Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessaoais (General Data Privacy Law or LGPD). The law was passed in 2018, and is set to go into effect a year from now. While the law was designed to be similar to the EU’s GDPR, it is not identical. Individuals will receive very similar access and deletion rights. Like GDPR, the law also contemplates data impact assessments, and provisions in contracts between controllers and processors of personal data. Also like GDPR, the law has extraterritorial impact, applying to those who process or collect information in Brazil, even if the entity is itself outside of the country. There are, though, differences between LGPD and GDPR. For example the amount of time to respond to individuals’ rights requests will be shorter. The definition of personal information under LGPD is also broader.  The law will be enforced by Brazil’s new National Data Protection Authority, and carries penalties that are similar to GDPR. Before the law goes into effect, it is expected that the data protection authority will issue regulations.
Continue Reading Brazil’s New Privacy Law One Year Away