Skip to main content

On-demand webinar coming soon...

LGPD Compliance

Automate compliance with Brazil’s general data protection law

Accelerate time to LGPD compliance and adhere to the range of obligations from the collection of valid consent to the intake and fulfillment of data subject rights. 

LGPD Compliance

A centralized solution for trust and LGPD compliance

OneTrust supports you in respecting your data subjects’ privacy rights and streamlining compliance by operationalizing LGPD requirements in a single platform. 

Simplify data subject requests and automate every phase of the process including intake, identity verification, data discovery, deletion, and secure response. 

Maintain a central consent database across all collection points. Easily configure and embed user-facing preference centers and centrally draft, manage and distribute policies and notices.  

Automatically discover and classify data across structured and unstructured data in cloud, on-premises, and legacy systems. Link data to identities and map to data inventories to document internal data flows and transfers to third parties. 

Leverage pre-built LGPD assessment templates complete with automated risk flagging. Link PIAs, privacy by design (PbD), and vendor assessments to your data map for full visibility into data flows and associated risks. 

Centrally track, manage, and report on incidents and automate your incident investigations and workflows. Link incidents to your data map to fully understand incident risk and severity.  


AI GOVERNANCE
January 28, 2025

Operationalizing the EU AI Act

In this webinar, we’ll explore how OneTrust helps organizations meet EU AI Act compliance by operationalizing AI governance frameworks.


FAQs

Are you subject to Brazil’s data privacy laws and if so, what do you need to look out for? We answer some basic questions below. 

The LGPD (“Lei Geral de Proteção de Dados,” or “General Data Protection Law”) is a privacy law passed by the Brazilian legislature in 2018 and went into effect in 2021. It establishes certain data privacy rights to citizens and mandates companies to increase transparency and safeguards. Brazil’s LGPD takes heavy inspiration from the EU’s General data protection regulation (GDPR) and shares many of its provisions, such as many of the legal bases for data processing activities and the appointment of a data protection officer (DPO) for data controllers. 

The LGPD requires all data processors to be transparent about their use of personal data, collect valid consent and offer covered natural persons free access to their data. Companies must document each purpose and make it available to consumers in an updated public privacy policy. The law establishes fundamental rights for Brazilians and companies must fulfill and process personal data requests in a reasonable time. It also covers data security and companies must inform data subjects if they were exposed to a data breach. 

 

For more information, read The Ultimate Guide to LGPD Compliance

The LGPD covers any personal data processing of Brazilians or persons located in Brazil. This means that even if a company is based outside of the country, they are still subject to the law. Unlike other privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Act (CPRA), there is no size threshold so even small businesses are subject. 

We help you meet the LGPD’s requirements by operationalizing them in a single platform. Minimize the risk of non-compliance with automated data mapping and discovery, risk assessments, incident tracking, and managing data subjects' rights and consent. We also provide access to the world’s largest regulatory database so you can stay up to date with the law’s amendments and rule changes. 

Ready to get started?

Request a free demo today to see how OneTrust can help you unlock the power of responsible data use.