What is the LGPD (General Data Protection Law)?

lgpd capa de post


The General Data Protection Law (LGPD) was passed in August 2018 and will come into effect in August 2020.

The LGPD establishes rules on the collection, storage, processing, and sharing of personal data, determining penalties for non-compliance.

This law applies to any operation carried out with personal data, from the data’s entry into a given entity until its eventual removal.


The main goal of the new law is to create specific rules for the processing, use, and protection of personal data collected digitally or physically.

The law, which was inspired by the General Data Protection Regulation (GDPR), stipulates that all personal data and sensitive data should solely be obtained with the user’s permission.

To make your life easier, we’ll share 3 essential terms that are present in the General Data Protection Law.

  • Personal data: any information that enables the identification of an individual, such as name, RG, CPF, gender, date, and place of birth, home address, telephone, bank card, IP address, cookies, among others.
  • Sensitive data: these are about children and teenagers and/or information related to religious convictions, political opinion, racial or ethnic origin, genetic or biometric information, and health and sexuality issues.
  • Consent to data: consent is the authorization that users grants to third parties to use their data. The user needs to know exactly why his/her data is being requested.

Rights of the holder of personal data

Users can access their data at any time and verify if it’s being treated.

Data subjects can also find out with which institutions their data is shared. Plus, they can update, correct, transfer, delete data and even revoke consent.

What happens to those who break the LGPD?

LGPD imposes penalties on those who fail to comply with the rules. Initially, a warning is given that sets a date for the correction of any irregularities.

However, fines of up to 2% of the company’s net revenue are also imposed, not reaching more than R$ 50 million.

Another penalty is to make public the irregularity in the data processing or to block or delete personal data from the organization’s system.


Much of the users’ most private data is stored in companies’ databases. Therefore, a law to protect users is critical. For this reason, your business must prepare to comply with all LGPD rules.

We’ve developed GetComplied to help companies comply with data protection laws and, it’s super easy! With GetComplied, you can edit your policies, cookies, and user rights, on one single platform!



Was this post helpful?