What Does LGPD Stand For?

Cole Pruden

Brazil’s LGPD, Compliance, PII, Regulatory Compliance

The LGPD may appear similar to other data protection regulations, but it’s essential to be aware of its key differences. Read on to learn what ‘LGPD’ stands for, not only the acronym but also the law itself and how it affects your business.

What is the LGPD?

Let’s just get the easy part out of the way. LGPD stands for Lei Geral de Proteção de Dados Pessoais. Or, if you don’t speak Brazilian Portuguese, the General Personal Data Protection Act.

Originally introduced in August 2018, the LGPD can be loosely described as the Brazilian version of the EU’s GDPR. It establishes rules for the collection, use, processing, and storage of personal data. And, lucky for us, the LGPD even defines “personal data” in the same way as the GDPR.

But what does the LGPD really stand for? Let’s break it down into 3 fundamental parts.

1. 10 Legal Bases

Unlike the GDPR’s six, the LGPD has 10 legal bases under which personal data can be processed. Each of these hipóteses legais clearly defines a lawful justification for collecting or using personal data in Brazil.

 

  • Consent (Art. 7, I)
    The data subject gives free, informed, and unambiguous consent to process their personal data for a specific purpose.
  • Compliance with Legal or Regulatory Obligation (Art. 7, II)
    Processing is necessary to fulfill legal or regulatory duties of the data controller.
  • Public Administration (Art. 7, III)
    Data is processed by public authorities for the execution of public policies provided by law or regulation.
  • Research (Art. 7, IV)
    Processing for research purposes, preferably anonymized, ensuring ethical and legal standards are followed.
  • Contract Execution (Art. 7, V)
    Processing is necessary for the performance of a contract or preliminary steps requested by the data subject.
  • Exercise of Rights in Judicial, Administrative, or Arbitration Proceedings (Art. 7, VI)
    Data is used for the defense or exercise of rights in legal processes.
  • Protection of Life or Physical Safety (Art. 7, VII)
    Processing is necessary to protect the life or physical integrity of the data subject or third party.
  • Health Protection (Art. 7, VIII)
    Data is processed to ensure health care, especially in procedures by health professionals or public health systems.
  • Legitimate Interest (Art. 7, IX)
    Processing is necessary to meet the legitimate interests of the controller or third parties, except where data subjects’ rights prevail.
  • Credit Protection (Art. 7, X)
    Processing is needed to protect the creditworthiness of the data subject, such as in credit analysis or fraud prevention.

2. Data Subject Rights

The second fundamental piece of the LGPD is how it defines the rights of its data subjects in Brazil. The LGPD makes it clear that individuals have multiple rights over their own personal data, including:

  • Access to their data.
  • Correction of incomplete, inaccurate, or outdated data.
  • Data portability.
  • Deletion of unnecessary or unlawfully processed data.
  • Revocation of consent.

 

3. Governance & Sanctions

Of course, defining legal bases and identifying the rights of data subjects is important, but the rules are only effective if they’re also upheld. That’s where the ANPD steps in. The Autoridade Nacional de Proteção de Dados is the regulatory authority responsible for overseeing LGPD compliance.

The LGPD also dictates how organizations are required to implement security, technical, and administrative measures to protect personal data. And the ANPD has no qualms about swinging its proverbial hammer.

For instance, in 2023, the ANPD sanctioned several public entities for various LGPD violations, including a delayed notification of a data breach affecting 1.5 million people and inadequate security measures that also resulted in a data breach.

Although the ANPD has only issued a few symbolic fines for similar compliance issues, it is currently ramping up its efforts with a combination of financial penalties and corrective sanctions.

LGPD Compliance

One could say that the LGPD stands for a few different things. Of course, there’s its literal translation, but we prefer to look at the standard it’s set in this part of the world. The LGPD stands for the rights of data subjects in and from Brazil, and it forces organizations to care about lawful data protection.

And if you want to ensure you don’t land in the LGPD’s crosshairs, then you can quickly and easily discover and remediate all at-risk data using PII Tools.

Now’s the time to do what’s best for your business and the user or client data that you’ve been trusted to protect!
