Compliance with Brazil 's New Privacy Law

Brazil enacted a comprehensive general data protection law, the "Lei Geral de proteção de Dados" (LGPD), in August 2018. After some initial delays, the LGPD is set to come into effect on August 15, 2020. The LGPD was tailored after the European Union's General Data Protection Regulation (GDPR). It will supplement, but not replace, existing data privacy laws in Brazil.

The LGPD creates a new legal framework for the use of personal data processed on or related to individuals (data subjects) in Brazil, regardless of where the data processor is located. The LGPD also applies to organizations that intend to offer good or services to individuals in Brazil.

The LGPD provides data subjects with rights similar to those afforded under the GDPR, including the right to:

  • Access;
  • Rectification;
  • Anonymization, redaction, or elimination of unnecessary or excessive personal data, or of data that is not being processed in compliance with the LGPD;
  • Portability;
  • Deletion of personal data being processed based upon consent;
  • Disclosure of subprocessors and other third parties with whom personal data is shared;
  • Information about consent choices and the consequences of refusing consent; and
  • Revocation of consent.

The LGPD created a new National Data Protection Authority, the Autoridade Nacional de Proteção de Dados (ANPD), to oversee and enforce the requirements of the new law. The LGPD prescribes hefty fines for violations, including fines of up to 2% of a company's sales revenue and 50 million Brazilian Real per violation (1 Brazilian Real = 0.20 United States Dollars as of 3/23/2020).

Although the LGPD largely mirrors the GDPA, there are some differences. Organizations with operations in Brazil should carefully review the new requirements, review and update their data inventories completed for GDPR and other privacy laws, update their privacy impact assessments, and implement a LGPD compliance program to ensure that they can, among other things, provide these new rights to individuals in Brazil and maintain an agile data subject consent management system.

CENTRL's Privacy360 (LGPD Edition) provides an out of the box application tailored to the requirements of the LGPD. It is the most advanced integrated privacy management platform that offers distinct modules that allow organizations to comply to multiple privacy regulations.

How CENTRL's Privacy 360 helps with the LGPD

  • Data Subject Rights Management module that automates the process from data subject request to fulfillment. Using tasks, workflows and connectors to systems, Privacy360 can find and report the PII data about a particular data subject. Privacy teams can then respond to the data subject using secure portal, within the stipulated time as per the regulation. The DSRM module supports all rights that the LGPD requires a company to comply with.
  • Consent and Preference module to manage the lifecycle of granular consent- from collection to withdrawal. Companies have the ability to create the consent choices, present to the data subjects and record the consent. This consent can then be propagated to third parties and other source systems.
  • Data Inventory and Mapping module that automates data mapping process using both eDiscovery and surveys. This is not only helpful to efficiently respond to data subject requests but also to useful to understand the type of personal data collected, the
  • Assessments and Third-Party Risk Management module to assess privacy risk across internal processes and third parties. Manage gaps and issues that that are identified during the process to reduce risk
  • Comprehensive analytics and privacy dashboard DPOs and executives to monitor overall status

By using CENTRL's Privacy360, your organization can easily manage a multitude of templates, checklists and questionnaires while providing the control to monitor, evaluate and create audit reports allowing you to focus on the results instead of the process.

Read more about Privacy360, or contact sales of CENTRL's privacy solutions.

Learn how CENTRL can help your Privacy Compliance program

Related Privacy Compliance Links

Data Sheet



White Paper

Operationalize CCPA Compliance



Connect & integrate with other systems

Learn more