LGDP (Brazil's Privacy Law)

Brazil's LGPD establishes a national framework that applies broadly: it covers any natural or legal person that processes personal data of individuals located in Brazil, regardless of where the processing organization is based. Like the GDPR, the LGPD has extraterritorial effect.

The law establishes ten legal bases for data processing, including consent, legitimate interest, and contractual necessity. It grants data subjects rights comparable to those under the GDPR, including access, correction, deletion, and portability, and requires that certain high-risk processing activities meet heightened standards.

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), is responsible for enforcement and has been progressively more active. For multinational organizations operating in Latin America, the LGPD creates compliance obligations that substantially parallel GDPR requirements but with Brazil-specific nuances around consent and legitimate interest.