When GDPR came into force in 2018, other jurisdictions took notice, keen to see how it would work in practice and if it could be replicated.
Last month, Brazil’s Lei Geral de Proteção de Dados, or LGPD, came into effect. The regulation establishes a framework for how data is collected, stored and shared and consolidates some 40 different rules under one roof.
The previous system lacked clear certainty, which hindered Brazil’s competitiveness. The LGPD aims to provide that certainty and the economic benefits that come with it.
Approved in 2018, the law takes more than a few cues from GDPR and provided companies and public authorities with two years to get their houses in order.
It introduces curbs on the collection and use of private data without consent as well as any discriminatory use of data.
LGPD affirms several rights for individuals, such as the right to access data held on them, to correct or delete data, and to revoke consent. The law also provides for data portability where a person can request to move data from one service provider to another.