General Personal Data Protection Act (LGPD)
Welcome to lgpd-brazil.info. Here you can find the official text (source) of the Law No. 13,709, of August 14, 2018, (Wording given by Law No. 13.853 of 2019) as a neatly arranged website. All articles are linked below and in the side menu. If you find this page useful, feel free to support us by sharing the project.
Quick Access
Chapter II - 7 8 9 10 11 12 13 14 15 16
Chapter III - 17 18 19 20 21 22
Chapter IV - 23 24 25 26 27 28 29 30 31 32
Chapter VI - 37 38 39 40 41 42 43 44 45
Chapter VII - 46 47 48 49 50 51
Chapter VIII - 52 53 54
Chapter IX - 55 55-A 55-B 55-C 55-D 55-E 55-F 55-G 55-H 55-I 55-J 55-K 55-L 56 57 58 58-A 58-B 59
Table of Contents
Chapter I
Preliminary Provisions
Article 2: Fundamentals of Personal Data Protection
Article 3: Applicability of LGPD
Article 4: LGPD Application Exceptions
Article 6: Principles That Govern Treatment Activities
Chapter II
TREATMENT OF PERSONAL DATA
Section I - Requirements for the Processing of Personal Data
Article 7: Chances of Carrying Out Personal Data Processing
Article 8: Consent of the Personal Data Holder
Article 9: Personal Data Subject's Right of Access
Article 10: Legitimate Interest of the Controller
Section II - Treatment of Sensitive Personal Data
Article 11: Processing of Sensitive Personal Data
Article 12: Anonymization of Personal Data
Article 13: Processing of Personal Data for Public Health Studies
Section III - Processing of Personal Data of Children and Adolescents
Article 14: Personal Data of Children and Adolescents
Section IV - Termination of Data Processing
Article 15: Termination of Processing of Personal Data
Article 16: Deletion of Personal Data
Chapter III
Rights of the Holder
Article 17: Privacy and Privacy Protection
Article 18: Personal Data Holder Rights in Relation to the Controller
Article 19: Personal Data Holder Requests
Article 20: Right to Review Decisions Based on Automated Processing of Personal Data
Article 21: Regular Exercise of the Rights of the Personal Data Holder
Article 22: Defense of the Personal Data Subject's Interests
Chapter IV
Preliminary Provisions
Section I - Of the Rules
Article 23: Specific Rules for the Processing of Personal Data by the Government
Article 24: Equivalence of Public Agent
Article 25: Interoperability and Structuring of Personal Data for Processing by the Government
Article 26: Sharing Personal Data by the Government
Article 27: Sharing of Personal Data by the Public Sector with the Private Sector
Article 29: Requests from the National Authority (ANPD) to the Public Authorities
Article 30: Permissions of the National Authority (ANPD) to the Public Power
Section II - Liability
Article 31: Reports of Violation of the National Authority (ANPD)
Article 32: Publicity of Impact Reports (DPIA) by the Government
Chapter V
International Data Transfer
Article 33: Cases of Permission for the International Transfer of Personal Data
Article 34: The Assessment of the Data Protection Level of the Recipient Country(ies)
Article 35: Standard Contract Terms
Article 36: Changes in Guarantees to the Principles of Protection of Personal Data
Chapter VI
Personal Data Processing Agents
Section I - Controller and Operator
Article 37: RPA's or Treatment Operation Registry
Article 38: DPIA or Data Protection Impact Report
Article 39: Obligations of the Operator Towards the Controller
Section II - Personal Data Controller
Article 41: DPO or Person in Charge of Personal Data
Section III - Liability and Damages
Article 42: Repairing Damage to the Personal Data Holder
Article 43: Causes of Accountability for Treatment Agents
Article 44: Irregularities in the Processing of Personal Data
Article 45: Cause of Application of Consumer Laws (CDC) in the Breach of Personal Data
Chapter VII
Safety and Good Practice
Section I - Security and Data Confidentiality
Article 46: TOMs or Technical and Organizational Measures
Article 47: Obligations to Guarantee Information Security by Data Processing Agents
Article 48: Personal Data Security Incidents
Article 49: Structuring of Data Processing Systems
Section II - Good Practice and Governance
Article 50: Rules of Good Practice and Governance
Article 51: Encouraging the National Authority to Adopt Technical Standards
Chapter VIII
Supervision
Section I - Administrative Sanctions
Article 52: Administrative Sanctions by the National Authority - ANPD
Article 53: Regulation of Administrative Sanctions
Article 54: Valuation Parameters for Administrative Sanctions
Chapter IX
NATIONAL DATA PROTECTION AUTHORITY (ANPD) AND NATIONAL DATA PROTECTION COUNCIL AND PRIVACY
Section I - National Data Protection Authority (ANPD)
- Article 55-A: Creation of ANPD - National Data Protection Authority
- Article 55-B: Autonomy of ANPD - National Data Protection Authority
- Article 55-C: Composition of ANPD - National Data Protection Authority
- Article 55-D: Composition of the Directing Council of ANPD - National Data Protection Authority
- Article 55-E: Individual Members of the Board of Directors
- Article 55-F: Former Board Members (Quarantine) Rule
- Article 55-G: Internal Regulations of ANPD - National Data Protection Authority
- Article 55-H: Relocation of Positions
- Article 55-I: Commissioned Positions
- Article 55-J: Competencies ANPD - National Data Protection Authority
- Article 55-K: Application of Sanctions by ANPD - National Data Protection Authority
- Article 55-L: Sources of Revenue From ANPD - National Data Protection Authority
Section II - National Council for the Protection of Personal Data and Privacy
Article 58-A: Composition of the National Council for the Protection of Personal Data and Privacy
Article 58-B: Powers of the National Council for the Protection of Personal Data and Privacy
Chapter X
Final and Transitional Provisions
Article 60: Changes in MCI - Marco Civil da Internet
Article 61: Relationship with Foreign Companies
Article 62: Regulation of Data Processing by the Union in (Sinaes)
Article 63: Standards for Database Adequacy Prior to LGPD