Latin America's flagship privacy law, closely modelled on the GDPR.
Brazil's LGPD mirrors the GDPR's architecture: ten lawful bases, data subject rights, DPO appointment, and extraterritorial reach. The ANPD is issuing regulations and enforcing at a growing pace, which makes Brazil the anchor jurisdiction for any Latin American privacy programme.
At a glance
Who it catches
Processing carried out in Brazil, or aimed at offering goods and services to people in Brazil
Penalties
Up to 2% of Brazil-sourced revenue, capped at R$50 million per infraction
Regulator
Autoridade Nacional de Proteção de Dados (ANPD)
Key concepts
Ten lawful bases, DPO (encarregado) appointment, transfer mechanisms including ANPD-approved SCCs
What it requires
The obligations that matter in practice.
- A lawful basis for each purpose, from a list broader than the GDPR's
- A named DPO (encarregado) as the contact point for the ANPD and data subjects
- Rights handling, including confirmation, access, correction, and deletion
- Transfer mechanisms for data leaving Brazil, including Brazilian SCCs
- Security incident reporting to the ANPD
How we help
Where our practice comes in.
FAQ
Common LGPD (Brazil) questions.
Most of it. The architecture is deliberately similar, so the work is mapping and localisation rather than rebuilding: Brazilian lawful bases, the encarregado appointment, ANPD transfer mechanisms, and Portuguese-language notices.
Start here
Tell us what you're dealing with.
Pick the service that sounds closest, or just describe the situation. You'll get an honest reply within 24 hours: where you stand, what actually needs doing, and whether we're the right fit for it.
Prefer to talk? Book a free 30-min callEmail: abhishek.adv@yahoo.com
LinkedIn: linkedin.com/in/abhishekbansiwal
Working with clients across the EU, UK, US, India, and beyond. See the privacy notice for how enquiries are handled.