Compliance with Brazil’s New Data Privacy Legislation: What U.S. Companies Need to Know
21 Pages Posted: 14 Feb 2021 Last revised: 25 Feb 2021
Date Written: January 25, 2021
The legal system in Brazil has long looked to European legislation for inspiration and guidance. When it comes to data-privacy laws today, Brazilian legislators again have been encouraged by European officials to look to European models, the European Union’s General Data Privacy Regulation (GDPR). The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, Law No. 13,709/2018, or "LGPD"), enacted in August 2020, specifically seeks to achieve the same level of restrictions and conform to the demands of the GDPR. Perhaps most importantly for our purposes, the Brazilian LGPD presents a significant compliance challenge for companies, forcing them to rethink how they collect, store, and use personal data throughout the data lifecycle.
The practical scope of this paper assumes that the reader is already familiar with the EU data privacy laws and is seeking a good source of information about Brazilian data privacy laws. While many companies are already well advanced in assessing its data processing activities vis-à-vis the GDPR, they may also need to become LGPD compliant, which could mean instituting multiple new requirements. In broad strokes, this paper will explain, from a compliance and legal perspective, the existing differences between the GDPR and the LGPD regulations, the enforcement mechanisms, what companies need to know to become compliant with the Brazilian laws, as well as the effects of violations of the LGPD, its important definitions, and which entities have to comply.
Keywords: Data privacy, Brazil data privacy law, GDPR, LGPD, Compliance law
Suggested Citation: Suggested Citation