LGPD
Lei Geral de Proteção de Dados (Brazil, Lei 13.709/2018)
Brazil's general data protection law, closely modeled on GDPR. It sets lawful bases for processing, data-subject rights, security obligations and breach communication, enforced by the ANPD.
Who it applies to
Any organization that processes the personal data of individuals in Brazil, or processing carried out in Brazil, or aimed at offering goods or services to people in Brazil, regardless of where the organization is based.
Chapter VI — Agents of processing
Chapter VII — Security and good practices
- Art. 46 Security measures22 mapped
Adopt technical and administrative security measures to protect personal data from unauthorized access and accidental or unlawful destruction, loss, alteration or disclosure.
- Art. 48 Communication of a security incident13 mapped
Communicate to the ANPD and to affected data subjects the occurrence of a security incident that may create risk or relevant damage.
- Art. 50 Good practices and governance rules10 mapped
Formulate rules of good practice and governance covering the conditions of processing, obligations and security measures.