Flag of Brazil

LGPD

close

General Personal Data Protection Act (LGPD)

Welcome to lgpd-brazil.info. Here you can find the official text (source) of the Law No. 13,709, of August 14, 2018, (Wording given by Law No. 13.853 of 2019) as a neatly arranged website. All articles are linked below and in the side menu. If you find this page useful, feel free to support us by sharing the project.

Quick Access

Chapter I - 1 2 3 4 5 6

Chapter II - 7 8 9 10 11 12 13 14 15 16

Chapter III - 17 18 19 20 21 22

Chapter IV - 23 24 25 26 27 28 29 30 31 32

Chapter V - 33 34 35 36

Chapter VI - 37 38 39 40 41 42 43 44 45

Chapter VII - 46 47 48 49 50 51

Chapter VIII - 52 53 54

Chapter IX - 55 55-A 55-B 55-C 55-D 55-E 55-F 55-G 55-H 55-I 55-J 55-K 55-L 56 57 58 58-A 58-B 59

Chapter X - 60 61 62 63 64 65

Table of Contents

Chapter I

Preliminary Provisions

Article 1: Object of the Law

Article 2: Fundamentals of Personal Data Protection

Article 3: Applicability of LGPD

Article 4: LGPD Application Exceptions

Article 5: Definitions

Article 6: Principles That Govern Treatment Activities

Chapter II

TREATMENT OF PERSONAL DATA

Section I - Requirements for the Processing of Personal Data

Article 7: Chances of Carrying Out Personal Data Processing

Article 8: Consent of the Personal Data Holder

Article 9: Personal Data Subject's Right of Access

Article 10: Legitimate Interest of the Controller

Section II - Treatment of Sensitive Personal Data

Article 11: Processing of Sensitive Personal Data

Article 12: Anonymization of Personal Data

Article 13: Processing of Personal Data for Public Health Studies

Section III - Processing of Personal Data of Children and Adolescents

Article 14: Personal Data of Children and Adolescents

Section IV - Termination of Data Processing

Article 15: Termination of Processing of Personal Data

Article 16: Deletion of Personal Data

Chapter III

Rights of the Holder

Article 17: Privacy and Privacy Protection

Article 18: Personal Data Holder Rights in Relation to the Controller

Article 19: Personal Data Holder Requests

Article 20: Right to Review Decisions Based on Automated Processing of Personal Data

Article 21: Regular Exercise of the Rights of the Personal Data Holder

Article 22: Defense of the Personal Data Subject's Interests

Chapter IV

Preliminary Provisions

Section I - Of the Rules

Article 23: Specific Rules for the Processing of Personal Data by the Government

Article 24: Equivalence of Public Agent

Article 25: Interoperability and Structuring of Personal Data for Processing by the Government

Article 26: Sharing Personal Data by the Government

Article 27: Sharing of Personal Data by the Public Sector with the Private Sector

Article 28

Article 29: Requests from the National Authority (ANPD) to the Public Authorities

Article 30: Permissions of the National Authority (ANPD) to the Public Power

Section II - Liability

Article 31: Reports of Violation of the National Authority (ANPD)

Article 32: Publicity of Impact Reports (DPIA) by the Government

Chapter V

International Data Transfer

Article 33: Cases of Permission for the International Transfer of Personal Data

Article 34: The Assessment of the Data Protection Level of the Recipient Country(ies)

Article 35: Standard Contract Terms

Article 36: Changes in Guarantees to the Principles of Protection of Personal Data

Chapter VI

Personal Data Processing Agents

Section I - Controller and Operator

Article 37: RPA's or Treatment Operation Registry

Article 38: DPIA or Data Protection Impact Report

Article 39: Obligations of the Operator Towards the Controller

Article 40: Standards for Interoperability, Portability, Access, Security and Storage Time for Personal Data

Section II - Personal Data Controller

Article 41: DPO or Person in Charge of Personal Data

Section III - Liability and Damages

Article 42: Repairing Damage to the Personal Data Holder

Article 43: Causes of Accountability for Treatment Agents

Article 44: Irregularities in the Processing of Personal Data

Article 45: Cause of Application of Consumer Laws (CDC) in the Breach of Personal Data

Chapter VII

Safety and Good Practice

Section I - Security and Data Confidentiality

Article 46: TOMs or Technical and Organizational Measures

Article 47: Obligations to Guarantee Information Security by Data Processing Agents

Article 48: Personal Data Security Incidents

Article 49: Structuring of Data Processing Systems

Section II - Good Practice and Governance

Article 50: Rules of Good Practice and Governance

Article 51: Encouraging the National Authority to Adopt Technical Standards

Chapter VIII

Supervision

Section I - Administrative Sanctions

Article 52: Administrative Sanctions by the National Authority - ANPD

Article 53: Regulation of Administrative Sanctions

Article 54: Valuation Parameters for Administrative Sanctions

Chapter IX

NATIONAL DATA PROTECTION AUTHORITY (ANPD) AND NATIONAL DATA PROTECTION COUNCIL AND PRIVACY

Section I - National Data Protection Authority (ANPD)

Article 55

Article 56

Article 57

Section II - National Council for the Protection of Personal Data and Privacy

Article 58

Article 58-A: Composition of the National Council for the Protection of Personal Data and Privacy

Article 58-B: Powers of the National Council for the Protection of Personal Data and Privacy

Article 59

Chapter X

Final and Transitional Provisions

Article 60: Changes in MCI - Marco Civil da Internet

Article 61: Relationship with Foreign Companies

Article 62: Regulation of Data Processing by the Union in (Sinaes)

Article 63: Standards for Database Adequacy Prior to LGPD

Article 64: Other International Regulations and Treaties

Article 65: Term and vacatio legis