skip to main content

LGPD Compliance

LGPD CookiePro Laptop

Time Until LGPD Goes Into Effect

What is LGPD?

The LGPD, or Lei Geral de Protecao de Dados, was unanimously approved on July 10, 2018 and will go into effect on August 15, 2020.  Brazil’s General Data Protection Law requires companies to comply with requirements related to the processing of personal data.  The LGPD carries many similarities with the EU’s General Data Protection Regulation (GDPR), however, it is leaner in comparison.

In terms of territorial scope, the LGPD applies to all companies offering goods or services to data subjects in Brazil, regardless of where they are located.

Failure to comply with the LGPD can result in maximum fines of up to 2% of the company’s Brazilian revenue of up to R$50 million (roughly $12.9 million USD or 11.2 million EUR).

At a high level, here's what you need to do to comply:
  • Inform, correct, anonymize, delete or provide a copy of the data if requested by the data subject
  • Delete data after the relevant relationship terminates
  • Adopt technical and administrative data security measures to protect personal data from unauthorized access, accidents, destruction, loss etc.
  • Appoint a DPO officer responsible for receiving complaints and communications
  • Notify the data subjects and local authorities if a breach occurred

Who Does the LGPD Apply To?

The LGPD applies to any private or public individual or company with personal data processing activities that are carried out in Brazil, collected in Brazil, or involve offering and supplying goods or services in Brazil. The regulation affects companies in all sectors doing business in or with Brazil.

Right of Information

If a data holder submits a request, the controller must respond with the confirmation of the existence of data processing operations. This must happen either immediately with a simplified format of the information, or in 15 days by means of a clear and complete declaration that includes:

  • The origin of the data
  • The criteria used for the processing
  • Purpose of processing
  • Form and duration of treatment
  • Identity of the controller
  • Controller contact information
  • Information shared with other entities and the purpose of the sharing
  • Responsibilities of the processors carrying out the processing
  • The rights of the data holder with explicit reference to Article 8 of the LGPD.
How CookiePro Helps
  • Handle the data holder request lifecycle in an effective and compliant manner.
  • Create tailorable holder request intake forms, verify holder identity, configure deadlines, assign tasks, leverage multilingual response templates, and communicate securely with holders through an encrypted messaging portal.
  • Demonstrate compliance, maintain records of all holder requests and interactions.
  • Use organizational hierarchies and roles-based access controls to develop region-specific workflows and controls specific to the LGPD.
CookiePro DSAR Web Form Editor CCPA Data Subject
Targeted Data Discovery
Right of Access

Personal data of the data holder must be stored in a format favoring the exercise of the right of access and only provided on receipt of a “verifiable consumer request.” The data holder determines whether the data will be provided electronically or in paper form. For processing based on contract or consent, a data holder may request a full electronic copy of his or her personal data in a format allowing its processing.

How CookiePro Helps
  • Capture verifiable Consumer Requests through customizable intake forms on your website using CookiePro’s Data Subject Rights tool
  • Pinpoint where an individual’s personal data resides and how it is used
  • Locate where the data is located by searching through your data inventory
CCPA Do Not Sell Laptop Mockup

Get Started with CookiePro Today

Download the new CookiePro Do Not Sell WordPress plugin to allow website visitors to opt-out of the sale of their personal information.

Download Now

Latest Blog Posts

Privacy Tracker: Virginia Privacy Act...
On January, 8, 2020, Lawmakers in Virginia proposed a bill, the Virginia Privacy Act (HB 473), or VCPA, that would create a number of...
Welcome to the CookiePro Community
Whether you’re getting started with CookiePro for the first time or want to find detailed documentation, the CookiePro Community offers...
Cookie Consent Guidelines for Privacy...
In a recent article, we take look at cookie consent best practices according to GDPR, CCPA, ICO, CNIL, LGPD, and the Nevada Privacy Law...
What Is CCPA, and What Will It Bring in 2020?
The California Consumer Privacy Act (CCPA), one of the biggest privacy laws, just went into effect. Learn about the regulation and the...
popup close button