Brazil: Implemented General Data Protection Law (LGPD) including data transfer regulations
Description
Implemented General Data Protection Law (LGPD) including data transfer regulations
After an initial grace period, the Brazilian data protection law (Lei N° 13.709) is fully implemented and can be enforced by the Brazilian courts and responsible agencies, with the possibility to apply the penalties contained in the law. The Law unifies over 40 different statutes governing personal data protection and establishes the National Data Protection Authority as the main enforcer. Moreover, it is set out in Chapter V (Art. 33-36) that the transfer of personal data shall be made only to countries ensuring a level of data protection adequate to the law's standards.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2018-05-29
under deliberation
2018-08-14
adopted
2020-09-18
in grace period
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
2
Type
Governmental organisation
Economic activity
cross-cutting
Category
All
3
Type
Public-Private Partnership
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): transfer: cross-border
Regulatory tool
Standard contractual clauses requirement
Adequacy decision requirement
Cross-border data transfer limitation
Private code of conduct requirement
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Restitution of damages
Fine
Regulated subjects
1 2 3