Iubenda logo
Start generating

LGPD compliance for your site, app and business

The LGPD is Brazil's new General Data Protection Law. Thought to be inspired by the GDPR, it also differs in several important ways. The law places new requirements on businesses, and therefore new legal and technical burdens as well. Compliance can be complicated – figuring out the right way to make both legal and technical specifications work for your site and business can be incredibly challenging. Our compliance solutions do the heavy legal and technical lifting so that you can focus on growing your business.

Read all about the LGPD in our detailed guide

Start generating

LGPD target shield icon

Does the LGPD apply to you?

The LGPD applies in two scenarios:

If your processing activities fall within either category, then the law applies to you.

What's required for LGPD compliance

LGPD world icon

Detailed disclosures via Privacy Policy


Under the LGPD, companies must include specific disclosures about their processing of user data in their privacy policies. This information must be made available in a clear, adequate, and notable manner, and should be easily accessible throughout your website/app.

Invalid document icon

Policies are invalid if they're missing the right information

In order to be compliant, your policy must at the very least contain:

  • the specific purpose of the processing;
  • the type of processing and the duration of the processing;
  • the identity and contact details of the data controller;
  • information about who the data is shared with and why;
  • the responsibilities of any processors or agents that will carry out the processing;
  • the applicable user rights and how they can be exercised.

Read more about user rights under the LGPD

Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

With one-click activation for displaying LGPD related language, disclosures, and instructions, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app. All our policies are customizable from 1700+ clauses, available in 9 languages, crafted by our lawyers and automatically updated if the law changes.

Desktop cookie banner

Valid records of the Consent you collect


Like the GDPR, the LGPD establishes certain rules for how consent must be collected. In order to make your forms LGPD compliant - regardless of how many users you have - consent must be "free, informed and unambigious". This means that your contact, newsletter and registration forms must clearly state your intentions, link to your privacy policy, and collect opt-in consent for different activities.

Under the LGPD the burden of proof to demonstrate valid consent lies with you. In order to comply, you're required to keep records of consent that prove consent was collected in a legally compliant way.

Consent Solution icon

Consent Solution

Our Consent Solution hooks onto your web-forms to let you automatically pass consumer preference details like opt-out via API to a centrally managed visual consent dashboard.

Our solution lets you record all relevant aspects of the consent collected including:

  • user details like id, email and IP address;
  • date and time of opt-in or opt-out;
  • whether or not the consent was verified via double opt-in;
  • document version available to the user at the time of opt-in (e.g. privacy policy, terms and conditions); and
  • the means by which the consent was collected (e.g. details of the web form).

Up-to-date records of your data processing activities


Under the LGPD, it is mandatory that you keep records of your data processing activities – regardless of the size of your business, how often you process data or the nature of the processing you do.

User icon Plus icon Cursor icon
Checkmark empty icon Checkmark checked icon
Checkmark empty icon Checkmark checked icon
Cursor icon
Pencil icon Paper icon
Earth icon Shield icon
Internal Privacy Management icon

Internal Privacy Management

Our Internal Privacy Management Solution lets you easily create, manage and maintain records of your data processing activities, so that you can meet mandatory LGPD requirements.

The solution records:

  • security details such as which members of your organization has access to user data;
  • any registered processors or operators processing data on your behalf;
  • manually added purposes for the processing;
  • which legal basis apply to particular processing activities,
  • data collection methods and more.
Fine risk icon

Penalties and fines for LGPD non-compliance

The legal consequences for non-compliance can include fines of 2% of your company’s annual turnover – up to BRL 50 million (currently roughly €8M or US$9M) – per violation. Not all LGPD infringements lead to fines: sanctions may include official reprimands, periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists), suspended databases, and liability damages.

More about consequences of LGPD non-compliance

Trusted by over 90,000 clients in 100+ countries

Snopes logo
Le Monde logo
MaxMara logo
Huffpost logo
Arduino logo
Opengov logo
Martini logo
Mit logo
Goethe logo
Jobtome logo
Newyorkcode logo
Honda logo
The Spectator logo
Ustwo logo
Siemens logo
Neals Yard Remedies logo

Best reviewed GDPR Compliance Solution on Capterra and Trustpilot with 5 stars

Capterra rating

“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”

Trustpilot rating

I can't recommend iubenda enough. It's saved me so much time and headaches trying to sort it all out with other, sub-par solutions. Thank you!

Start generating


2261215 self-updating documents already generated


What is personal data under the LGPD?

Personal data under the LGPD is any information that relates to an identified or identifiable living person. This includes details that, when collected together, can lead to the identification of a person, like (but not limited to) name, IP address or personal email address.

More on personal data under the LGPD

How does LGPD differ from GDPR?

The LGPD can be considered as Brazil's answer to the GDPR – with the Brazilian law aligning with the European Regulation in many ways, while differing in others, like the 10 legal bases.

More about LGPD vs GDPR

Documentation and Guides

See all Guides

All our products are WCAG Level AAA Compliant

Level AAA conformance, W3C WAI Web Content Accessibility Guidelines 2.1

A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps

Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 1700+ clauses, available in 9 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Cookie Solution icon

Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and CCPA Compliance Framework.

Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.


Compliance for your organization

Consent Solution icon

Consent Solution

Collect GDPR & LGPD consent, document opt-ins and CCPA opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Internal Privacy Management icon

Internal Privacy Management

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.