The LGPD, or Lei Geral de Proteção de Dados Pessoais, is Brazil’s version of the GDPR. It goes into effect in February of 2020.

The LGPD clarifies, updates, improves and supplements Brazil’s former information privacy laws to create more comprehensive support for the privacy of its citizen’s information.

How Do Brazil’s New Privacy Laws Affect You?

The LGPD applies to any organization or business, no matter where it is located, that processes the personal data of Brazilian people. Therefore, if your organization has any clients or customers who reside in Brazil, you will be required to comply with the LGPD. The good news? If you are already in compliance with the GDPR, you are well on your way to LGPD compliance.

The LGPD is far-reaching, applying to processing both within and outside of Brazil (i.e., to any processing “carried out in the national territory”) affecting personal data of individuals, or services or goods offered in the national territory; or personal information collected in the national territory. Similar to the GDPR, the law is far- reaching, and applies to processing activities that are completely performed outside of Brazil, but target or relate to Brazilian citizens.

If your business is outside of Brazil—in America, for instance—but you interact with the personal data of individuals in Brazil, you must be in compliance with the LGPD regarding this data. Conducting processing outside the legal requirements of the LGPD can be costly, with sanctions of up to 50M reais (about $12.9M USD)—or even prohibition from processing the personal data of people from Brazil.

The InfoComply software platform helps organizations meet LGPD requirements by automating records of processing activities, privacy impact assessments and data mapping, identifying privacy risks, and enforcing risk management activities, in an integrated platform.