Lei Geral de Proteção de Dados (LGPD)

Lei Geral de Proteção de Dados (LGPD) is Brazil’s comprehensive data protection law that governs how organizations collect, use, store, and share personal data.


What is Lei Geral de Proteção de Dados (LGPD)?

The Lei Geral de Proteção de Dados (LGPD) is Brazil’s federal privacy law that regulates the processing of personal data by public and private organizations. Inspired by global frameworks such as the General Data Protection Regulation (GDPR), it establishes principles for lawful processing, individual rights, governance requirements, and security protections.
 
The LGPD applies to any organization processing personal data in Brazil or handling data related to individuals located in Brazil, regardless of where the organization is based. 
It requires transparency, legal bases for processing, data subject rights, security measures, and accountability programs to ensure responsible and ethical data handling.

 

Why Lei Geral de Proteção de Dados (LGPD) matters

The LGPD provides individuals in Brazil with meaningful control over their personal information, strengthens trust, and establishes clear obligations for organizations operating in the country.

For businesses, LGPD compliance is essential to avoid enforcement actions, reputational harm, and operational disruption—especially for multinational organizations with customers or employees in Brazil.

The law also promotes consistent privacy governance by aligning Brazil with international privacy standards, enabling safer cross-border data flows, and encouraging organizations to adopt privacy-by-design practices.

 

How Lei Geral de Proteção de Dados (LGPD) is used in practice

  • Establishing lawful bases for processing personal data
  • Implementing transparency mechanisms such as privacy notices
  • Responding to access, correction, deletion, and portability requests
  • Conducting risk assessments for high-risk processing activities
  • Managing vendor relationships and contracts to ensure LGPD compliance
  • Implementing security controls to prevent breaches and unauthorized access

 


How OneTrust helps with Lei Geral de Proteção de Dados (LGPD)

OneTrust helps organizations operationalize LGPD compliance with automated assessments, data mapping, rights request workflows, governance policies, and evidence tracking. The platform centralizes data protection activities and supports ongoing accountability with configurable controls and reporting capabilities. 

 

FAQs about Lei Geral de Proteção de Dados (LGPD)

 

Both laws protect personal data and establish rights for individuals, but LGPD includes unique legal bases, definitions, and enforcement structures specific to Brazil. GDPR has broader territorial scope and more prescriptive requirements in several areas.

Legal, privacy, compliance, IT security, and data governance teams typically collaborate. Many organizations designate a Data Protection Officer (DPO) to coordinate compliance efforts.

The LGPD aligns closely with the GDPR, helping multinational organizations maintain consistent privacy governance while meeting regional requirements in Brazil.

