Iubenda logo
New California's Consumer Privacy Act (CCPA) enforceable from January 1st. Find out how to comply ->

LGPD compliance for your site, app and business

The LGPD is Brazil's new General Data Protection Law. Thought to be inspired by the GDPR, it also differs in several important ways. The law places new requirements on businesses, and therefore new legal and technical burdens as well. Compliance can be complicated – figuring out the right way to make both legal and technical specifications work for your site and business can be incredibly challenging. Our compliance solutions do the heavy legal and technical lifting so that you can focus on growing your business.

Read all about the LGPD in our detailed guide

Desktop icon Database icon Gear icon Brazil icon
Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon

Start generating

LGPD target shield icon

Does the LGPD apply to you?

The LGPD applies in two scenarios:

If your processing activities fall within either category, then the law applies to you.

What's required for LGPD compliance

LGPD world icon

Detailed disclosures via Privacy Policy

Requirement

Under the LGPD, companies must include specific disclosures about their processing of user data in their privacy policies. This information must be made available in a clear, adequate, and notable manner, and should be easily accessible throughout your website/app.

Invalid document icon

Policies are invalid if they're missing the right information

In order to be compliant, your policy must at the very least contain:

  • the specific purpose of the processing;
  • the type of processing and the duration of the processing;
  • the identity and contact details of the data controller;
  • information about who the data is shared with and why;
  • the responsibilities of any processors or agents that will carry out the processing;
  • the applicable user rights and how they can be exercised.

Read more about user rights under the LGPD

Solution
Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

With one-click activation for displaying LGPD related language, disclosures, and instructions, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app. All our policies are customizable from 1300+ clauses, available in 8 languages, crafted by our lawyers and automatically updated if the law changes.

Explore
Desktop cookie banner

Valid records of the Consent you collect

Requirement

Like the GDPR, the LGPD establishes certain rules for how consent must be collected. In order to make your forms LGPD compliant - regardless of how many users you have - consent must be "free, informed and unambigious". This means that your contact, newsletter and registration forms must clearly state your intentions, link to your privacy policy, and collect opt-in consent for different activities.

Under the LGPD the burden of proof to demonstrate valid consent lies with you. In order to comply, you're required to keep records of consent that prove consent was collected in a legally compliant way.

Solution
Consent Solution icon

Consent Solution

Our Consent Solution hooks onto your web-forms to let you automatically pass consumer preference details like opt-out via API to a centrally managed visual consent dashboard.

Our solution lets you record all relevant aspects of the consent collected including:

  • user details like id, email and IP address;
  • date and time of opt-in or opt-out;
  • whether or not the consent was verified via double opt-in;
  • document version available to the user at the time of opt-in (e.g. privacy policy, terms and conditions); and
  • the means by which the consent was collected (e.g. details of the web form).
Explore

Up-to-date records of your data processing activities

Requirement

Under the LGPD, it is mandatory that you keep records of your data processing activities – regardless of the size of your business, how often you process data or the nature of the processing you do.

User icon Plus icon Cursor icon
Checkmark empty icon Checkmark checked icon
Checkmark empty icon Checkmark checked icon
Cursor icon
Pencil icon Paper icon
Earth icon Shield icon
Solution
Internal Privacy Management icon

Internal Privacy Management

Our Internal Privacy Management Solution lets you easily create, manage and maintain records of your data processing activities, so that you can meet mandatory LGPD requirements.

The solution records:

  • security details such as which members of your organization has access to user data;
  • any registered processors or operators processing data on your behalf;
  • manually added purposes for the processing;
  • which legal basis apply to particular processing activities,
  • data collection methods and more.
Explore
Fine risk icon

Penalties and fines for LGPD non-compliance

The legal consequences for non-compliance can include fines up to 50 million Brazilian reais (currently roughly €8M or US$9M) or 2% of a company’s annual turnover in Brazil, per violation. Not all LGPD infringements lead to fines: sanctions may include official reprimands, periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists) and liability damages.

More about consequences of LGPD non-compliance

Trusted by over 60,000 clients in 100+ countries

Opengov logo Martini logo Mit logo Goethe logo Ustwo logo Newyorkcode logo Honda logo Jobtome logo The Spectator logo
Best reviewed GDPR Compliance Solution on Capterra with 5 stars

“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”

Start generating

TRY BEFORE YOU BUY or STAY WITH THE FREE OPTION

1561403 self-updating documents already generated

FAQ

What is personal data under the LGPD?

Personal data under the LGPD is any information that relates to an identified or identifiable living person. This includes details that, when collected together, can lead to the identification of a person, like (but not limited to) name, IP address or personal email address.

Read More

How does LGPD differ from GDPR?

The LGPD can be considered as Brazil's answer to the GDPR – with the Brazilian law aligning with the European Regulation in many ways, while differing in others, like the 10 legal bases.

More about LGPD vs GDPR

Documentation and Guides

See all Guides

A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps

Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 1300+ clauses, available in 8 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Explore
Cookie Solution icon

Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.

Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.

Explore

Compliance for your organization

Consent Solution icon

Consent Solution

Collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Explore
Internal Privacy Management icon

Internal Privacy Management

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.

Explore