Complying with Brazil’s LGPD

What is the LGPD or General Personal Data Protection Law?

The LGPD (General Personal Data Protection Law) is Brazil’s primary personal data protection law. While Brazil is no stranger to privacy policies, having over 40 such sector-specific regulations on its books, this is the country’s first comprehensive framework governing the regulation and use of all personal data.

Based closely on Europe’s GDPR (General Data Protection Regulation), the policy comprises 65 articles and outlines the acceptable legal standards for processing personal information of individuals in Brazil, “with the purpose of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.”

Sometimes referred to as “Brazil’s GDPR,” the law:

  • Requires the lawful processing of personal data by organizations of any size.
  • Obligates notification of data breaches to the governing authority and those affected.
  • Creates a national supervisory authority which:
    • Enforces and interprets the LGPD.
    • Defines acceptable data collection guidelines.
    • Punishes offenders.
    • Regulates the transfer of data internationally.

Which Data Rights Are Protected Under the LGPD?

The LGPD protects and acknowledges nine rights of Brazilian individuals with respect to their personal information. Per the law, personal data and sensitive personal data are protected, defined as:

Personal Data: “Information regarding an identified or identifiable natural person.”

Sensitive Personal Data: “Personal data concerning ethnic or racial origin, political opinion, religious beliefs, trade union or philosophical, religious or political organization membership, data concerning health, or genetic or biometric data, relating to a natural person.”

The nine protected data rights of the LGPD are:

  1. The right to be informed of data processing activities.
  2. The right to access one’s data.
  3. The right to amend inaccuracies in one’s personal data.
  4. The right to eliminate data that is not being processed in compliance with LGPD standards, or excess data.
  5. The right to move your data to another service by express request (data portability).
  6. The right to delete personal data.
  7. The right to information about the entities (public and private) with whom one’s data is shared.
  8. The right to be informed of the option to deny consent to process data, and what that denial entails.
  9. The right to revoke one’s consent for an entity to process their personal data once consent has been given. 

To Whom Does the LGPD Apply?

The LGPD's jurisdiction covers both public and private entities of any size. Unlike the GDPR, on which it is largely based, there is no organization too small to fall under its reach. A few enumerated exclusions include times in which information is collected exclusively for journalistic, academic, and artistic purposes, for national defense, or for public safety.

The law also extends to organizations outside of Brazil that collect or process data within the country, or that process the data with the intent to sell goods or services within Brazil. 

LGPD Compliance with Fortra's Data Classification

At Fortra, we have more than 30 years of experience helping entities around the world protect their sensitive data without any drop in the organization's productivity. We believe in giving clients full visibility over their data resources, applying granular and customizable controls, and attaching protective policies to the data itself, not just its location.

Fortra’s Data Classification Suite (DCS), winner of the 2024 Cybersecurity Excellence Awards, offers organizations the best in data classification through our unique approach:

  • User-based categorization option | Users are given the power to define and apply a wide range of identifiers for precise categorization (from country to customer).
  • Metadata-driven | Metadata is used as a central feature of data categorization and protection.
  • Custom compliance accommodations | Clients can go beyond labeling sensitive data alone and use Fortra DCS to address the requirements of today’s complex regulatory landscape. 

Fortra DCS solutions include:

And more.

Protect your information anywhere, encrypt your data for layered defense, and leverage our customizations to adhere to any compliance standard.

Contact a Fortra SME to learn more about our Data Classification Suite today, or get your free, personalized demo.