Approved in 2018, the General Data Protection Law (LGPD) is Brazil's data privacy and protection law. Coming into force in August 2020, the LGPD was based on the GDPR, with certain changes that better suit Brazilian legislation.
Applying to public and private organizations doing business in Brazil, the purpose of the LGPD is to protect the personal data of Brazilian citizens.
Its unifying principle is that users can decide when and how an organization may use their personal data, meaning organizations must get permission from users before collecting data of any type.
The LGPD is enforced by the National Data Protection Authority (ANPD), which has the power to investigate potential violations, impose fines, create best practices, and issue guidelines.