What is a Brazilian General Data Protection Law (LGPD)?

Brazil’s General Data Protection Law (or LGPD) brings sorely needed clarification to the Brazilian legal framework. The LGPD attempts to unify the over 40 different statutes that currently govern personal data, both online and offline, by replacing certain regulations and supplementing others. This unification of previously disparate and oftentimes contradictory regulations is only one similarity it shares with the EU’s General Data Protection Regulation.

Applicability

Unlike its predecessors, such as the GDPR and California Consumer Privacy Act, the LGPD’s applicability is not limited only to businesses and organizations above a particular size. Rather, the law is applicable to businesses of all sizes and provides exceptions only in a few enumerated instances, such as where data are collected exclusively for journalistic, artistic and academic purposes, or public safety and national defense.

Objective

The LGPD is important because it is a privacy law with “extraterritorial application” which means that organizations that process personal data of Brazilians will be bound to comply with the LGPD regardless of where they are owned or operated from just like GDPR or CCPA

As Brazil has over 138 million internet users, making it the largest Internet market in Latin America and the fourth largest in the world, there is a high chance that your organization will need to comply with the LGPD. 

The Brazilian government designed the LGPD to achieve adequacy agreement with the EU to ensure a free flow of data between the two. 

Approach

Our approach is mentioned below: 

Phase 1: Governance & Planning
Phase 2: Gap Analysis
Phase 3: Implementation 
Phase 4: Privacy Compliance, Risk Management Framework & Audit

    Why CyberSRC®?

    Established in January 2018, CyberSRC® Consultancy offers the full machination of cyber security services ranging from threat intelligence, VMS to general advisory services in areas pertaining to Cyber security such as vulnerability attacks, compliance, and cyber security regulations, and laws. We are into system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team.