What is the LGPD or General Personal Data Protection Law?

The LGPD (General Personal Data Protection Law) is law no. 13,709, passed in August 2018 and went into effect as of September 2020. It regulates the processing of personal data, with its objective being to protect the fundamental rights of freedom and privacy and a natural person’s ability to freely develop their personality.

Personal Data Protection

In its content, the LGPD establishes the principles that must be respected in matters of personal data protection:

  • Respect for privacy;
  • Self-determination of information;
  • Freedom of expression, information, communication, and opinion;
  • The inviolability of privacy, honor, and image;
  • Economic and technological development and innovation;
  • Free enterprise, free competition, and consumer protection;
  • Human rights, free development of personality, dignity, and the exercise of citizenship by natural persons.

Security Incident

Although the LGPD does not explicitly present the concept of a breach or incident, the National Data Protection Authority describes a security incident involving personal data as "any confirmed adverse event related to the breach in the security of personal data, such as unauthorized, accidental, or unlawful access resulting in destruction, loss, alteration, leakage or even, any form of improper or unlawful processing of data, which may pose a risk to the rights and freedoms of the holder of the personal data".

It is important to know the definition of “incident” to understand the events that involve personal data and that are present in the legislation, like what is stated in Article 42 of the LGPD, for example:

"The Controller or Operator who, due to the act of processing personal data, causes damage to others’ property, be it moral, individual, or collective, in violation of the legislation on protection of personal data, is obliged to repair it."

Article 46 of the LGPD serves as another example, which states that Personal Data Processing Agents must adopt security, technical, and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or any form of improper or unlawful processing.

Cybersecurity Solutions for LGPD Compliance


For LGPD compliance, it is necessary to apply simple policies and pragmatic procedures that lead people to adopt a culture of information protection in your organization and accompany it with the implementation of a layered security approach to ensure compliance with established policies.

Fortra's approach consists of guaranteeing information security through granular controls in the information flow and throughout its life cycle, without this representing any drop in the organization's productivity. From intelligent and granular data classification capable of identifying the type of information and its location, to data loss prevention, secure collaboration, and file transfer security, we offer a comprehensive and integrated set of solutions for the execution of your security strategy:

Learn More about Fortra's Data Classification

At Fortra, we have more than 30 years of experience helping organizations around the world to protect their data. Our globally recognized solutions and our team of experts can help you comply with LGPD and other regulations. Request a no-obligation presentation to learn how our solutions can help your company's security strategy.

Regulatory Compliance

If you're ready for a demo, let's talk about how we can help with your specific compliance needs.