LGPD-Embossed-Butto
Who is impacted?
Any organization or business that processes the personal data of people in Brazil, regardless of where that business or organization itself might be located, is subject to the Brazilian General Data Protection Law or LGPD.

Key Takeaways:
LGPD modeled itself after GDPR and implemented many of the same requirements: Organizations must always maintain and protect data and quickly report breaches.

Penalties
LGPD fines are 2% of global revenue or $13.5 million USD per infraction
Additional GDPR mandates
  • Organizations of any size must appoint a Data Protection Officer responsible for implementing best practices
  • Organizations must implement technical and administrative procedures to protect data from breach
  • Data must be destroyed within the four walls of an organization as LGPD explicitly requires organizations always maintain control of their dataIndividuals have the right to request their data is properly deleted (LGPD Article 7)
  • Organizations, businesses, and controllers of data must communicate and report a data breach in a reasonable time period (LGPD Article 48)
White Paper | May 2020 QUICK LINKS: GDPR | NIST | LGPD | CCPA