• Skip to primary navigation
  • Skip to main content
  • Skip to footer
CUBE announces its acquisition of The HubCUBE announces its acquisition of The HubCUBE announces its acquisition of The Hub

CUBE global

  • Products
        • RegPlatform product overviewOur enterprise product, providing regulatory intelligence for large, global financial institutions looking to tackle complex compliance.
        • RegAssure product overviewOur highly intuitive, seamless compliance product, that grows with your small or medium sized business.
        • View all products
  • Solutions
        • PrivacyGlobal governance for data privacy regulations, the world over
        • RecordsHolistic oversight of ever-growing regulations for records
        • CybersecurityAutomated workflows for up to date, relevant data on cyber
        • Technology riskEffective policies and controls to mitigate technology risk
        • Financial crime and AMLWatertight audit trails to show risk-based rationale
        • View all solutions
  • Resources
        • Resource hubLifting the lid on financial services, compliance, and regulation
        • Read

        • Case Studies
        • Blog posts
        • Reports
        • Brochures
        • Find

        • Compliance Corner
        • Compliance Confessions
        • ESG Conference
        • CUBE’s regulation game
        • Listen

        • Videos
        • Webinars
        • Podcasts
  • Partners
        • Advisory and consulting partnersEnhance your regulatory compliance offering with the entire suite of CUBE regulatory data.
        • Integration partnersCompliance is complex enough without over-complicated integration procedures.
        • Technology partnersAdd value to existing customer applications with a unified window into regulatory intelligence.
        • Partners overview
  • About us
        • About usThe story of who we are, how we got here and why we’re exceptionally proud of what we do
        • TeamThe visionaries and leaders powering CUBE’s success
        • NewsThe latest news from CUBE
        • CareersOur movement to transform regulatory data into regulatory intelligence
        • ContactWant to know more? Get in touch
  • Request a demo
Customer login
Home » Resources » What is Brazil’s Lei Geral de Proteção de Dados Pessoais?

Estimated reading time: 3 minutes

What is Brazil’s Lei Geral de Proteção de Dados Pessoais?

Lei Geral de Proteção de Dados Pessoais is Brazil’s answer to General Data Protection Regulation (GDPR). First introduced in 2018, it was phased into business operations over a three year period. It is now relied upon as the best practice for information collection and treatment in order to protect the personal data of Brazilian citizens. 

Brazilian Personal Data History

In Brazil, each different industry and sector has its own legal frameworks and regulatory requirements. Not only is this difficult to navigate for those trying to comply, but even the regulators can get confused since most rules expand past the boundaries of their industry. It’s hard to prevent cybercrimes, since there is too much crossover.  

In Brazil, the first step of this legislation, Lei Geral de Proteção de Dados Pessoais, has served to provide a single overarching definition for personal data: 

“any data that (either individually, or when combined with other information) can identify a person or subject them to a particular treatment”. 

Similarly, the regulation has been introduced in order to emulate a single blanket framework across all businesses and serve the people, rather than the corporations.

Features of Lei Geral de Proteção de Dados Pessoais?

The purpose of this data protection law is to enforce nine key rights of Brazilian citizens pertaining to data collection and treatment. Its aims are similar to the recently introduced Colorado Privacy Act. Therefore, the legislation focuses on business operations and obligations, as well as the power of the authorities to punish and rectify infringements. 

Business obligations

Initially, businesses are obligated to inform, correct, anonymise and delete data at the request of the data subject. They must delete personal data when the client or customer relationship has ended, or after the required holding period has expired. 

Moreover, businesses must appoint a Chief of Data Treatment or Data Protection Officer to strengthen cybersecurity. This individual is responsible for handling complaints, as well as spreading updates and communications throughout the company. They must also stay up-to-date with recent changes to enable the business to adopt best practices.  

Finally, in the case of a data breach, your business is required to inform both the subjects and the authorities. 

Authorities

The primary enforcer of Lei Geral de Proteção de Dados Pessoais is Brazil’s National Data Protection Authority (ANPD). Their role is two-fold; to oversee the privacy regulations and deal with regulatory issues and violations.

Where this regulation was only introduced in 2018 and its final phase of enforcement began in August 2021, there is hardly any legal precedent. Therefore, the ANPD is authorised to interpret case law when required and create suitable sanctions for those who do not comply. 

Finally, the ANPD must promote data protection in society and work towards international cooperation in order to bring Brazil up to speed with the rest of the world. 

Who must comply?

Lei Geral de Proteção de Dados Pessoais applies to private individuals and public companies in the way that they collect and process data. It’s important to note that the legislation does not only apply to Brazilian companies or only protect Brazilian citizens- any business that operates with a nexus in Brazil must comply. 

There are several exceptions- including for journalism or academic data collection. The other exemption to this legislation is for criminal investigation purposes, including where national security or public safety is at stake. 


In order to comply with Lei Geral de Proteção de Dados Pessoais, firms must first conserve privacy in their data collection methods, as well as provide security around data records. To help mitigate risks around technology, access to all regulatory data in a centralised platform with CUBE.    


Speak to the team

Related resources
View all articles
What is RegTech
Compliance Corner

What is RegTech?

What is hemp banking and what regulations are there
Compliance Corner

Hemp Banking

Find out all about the UK's Big Bang 2.0 financial regulation
Compliance Corner

UK government Big Bang 2.0

current US ESG regulations blog
Compliance Corner

What are the current US ESG regulations?


Want CUBE updates and latest industry news sent straight to your inbox?

Footer

Add CUBE logo here

  • Products
    • Partners
    • Solutions
  • Resource hub
    • Blogs
    • Reports
    • Brochures
    • Compliance Corner
    • Webinars
    • Podcasts
    • Videos
  • Behind CUBE
    • About us
    • Meet the team
    • Careers
    • News
    • Contact us
  • The legal bits
    • Privacy policy
    • Cookie policy
    • Terms of use
    • Accessibility
Follow us:
  • LinkedIn
  • Twitter
  • YouTube

© 2023 CUBE Content Governance Global Limited

  • English
  • US

envelope

Want CUBE updates and latest industry news sent straight to your inbox?

Sign up to our Newsletter here