LGPD

Chapter I (Articles 1-6) Preliminary Provisions
Chapter II (Articles 7-16) Processing of Personal Data
- Section IRequirements for the Processing of Personal Data
- Article 7 - Chances of Carrying Out Personal Data Processing
- Article 8 - Consent of the Personal Data Holder
- Article 9 - Personal Data Subject's Right of Access
- Article 10 - Legitimate Interest of the Controller
- Section IITreatment of Sensitive Personal Data
- Article 11 - Processing of Sensitive Personal Data
- Article 12 - Anonymization of Personal Data
- Article 13 - Processing of Personal Data for Public Health Studies
- Section IIIProcessing of Personal Data of Children and Adolescents
- Article 14 - Personal Data of Children and Adolescents
- Section IVTermination of Data Processing
- Article 15 - Termination of Processing of Personal Data
- Article 16 - Deletion of Personal Data
Chapter III (Articles 17-22) Data Subject's Rights
Chapter IV (Articles 23-32) Processing Activites by the Public Service
Chapter V (Articles 33-36) International Data Transfer
Chapter VI (Articles 37-45) Personal Data Processing Agents
- Section IController and Operator
- Article 37 - RPA's or Treatment Operation Registry
- Article 38 - DPIA or Data Protection Impact Report
- Article 39 - Obligations of the Operator Towards the Controller
- Article 40 - Standards for Interoperability, Portability, Access, Security and Storage Time for Personal Data
- Section IIPersonal Data Controller
- Article 41 - DPO or Person in Charge of Personal Data
- Section IIILiability and Damages
- Article 42 - Repairing Damage to the Personal Data Holder
- Article 43 - Causes of Accountability for Treatment Agents
- Article 44 - Irregularities in the Processing of Personal Data
- Article 45 - Cause of Application of Consumer Laws (CDC) in the Breach of Personal Data
Chapter VII (Articles 46-51) Safety and Good Practice
- Section ISecurity and Data Confidentiality
- Article 46 - TOMs or Technical and Organizational Measures
- Article 47 - Obligations to Guarantee Information Security by Data Processing Agents
- Article 48 - Personal Data Security Incidents
- Article 49 - Structuring of Data Processing Systems
- Section IIGood Practice and Governance
- Article 50 - Rules of Good Practice and Governance
- Article 51 - Encouraging the National Authority to Adopt Technical Standards
Chapter VIII (Articles 52-54) Supervision
- Section IAdministrative Sanctions
- Article 52 - Administrative Sanctions by the National Authority - ANPD
- Article 53 - Regulation of Administrative Sanctions
- Article 54 - Valuation Parameters for Administrative Sanctions
Chapter IX (Articles 55-59) National Data Protection Authority (ANPD) and National Data Protection Council and Privacy
Chapter X (Articles 60-65) Final and Transitional Provisions

Article 49

Structuring of Data Processing Systems

The systems used for the processing of personal data shall be structured in such a way as to meet security requirements, good practice and governance standards and the general principles provided for in this Law and other regulatory standards.