General Data Protection Law (Lei Geral de Proteção de Dados)

What you need to know

  • LGPD is a Brazilian law that establishes rules on the collection, use, processing, storage, and sharing of personal data, with the aim of protecting the privacy and fundamental rights of individuals.

  • LGPD compliance applies to any organization, regardless of its location, that processes personal data in Brazil, or that offers goods or services to individuals located in Brazil.

  • LGPD imposes significant fines and penalties for non-compliance and provides individuals with various rights, including the right to access, correct, and delete their personal data.

  • Organizations that process personal data must comply with a range of obligations, such as obtaining individuals' consent before collecting their data, implementing appropriate security measures to protect personal data, among others.

  • LGPD also establishes the National Data Protection Authority (ANPD), which is responsible for overseeing and enforcing the law. The ANPD has the power to impose fines of up to 2% of a company's annual revenue or a maximum of R$50 million (approximately USD $9.4 million).


  • LGPD applies to any organization, regardless of size, so even small businesses and startups need to comply with the law?

  • Brazil is one of the few countries in Latin America that has a comprehensive data protection law?

  • LGPD is considered one of the most comprehensive data protection laws in the world?

  • Under LGPD, individuals have the right to request the deletion of their personal data from an organization's database? This is known as the "right to be forgotten" and is similar to a provision in the GDPR.

Key Benefits of comforte’s LGPD Compliance services

The comforte Data Security Platform provides data discovery, classification and protection capabilities to help you:


variety of protection methods to pseudonymize or encrypt personal data


consistent, granular access controls to ensure that only authorized personnel have access to personal data


data securely between different systems and organizations


Data Subject Access Request management, by auto-detecting and tracking data subjects' PII across the organization and manage it in a central master catalog

FAQs on LGPD Compliance

Next steps


LGPD compliance is vitally important for any business. If you would like to learn more about our LGPD compliance services, please feel free to get in touch with our experts who would be happy to discuss solutions.


Contact us