- Chapter I (Articles 1-6) Preliminary Provisions
-
Chapter II (Articles 7-16)
Processing of Personal Data
- Section IRequirements for the Processing of Personal Data
- Article 7 - Chances of Carrying Out Personal Data Processing
- Article 8 - Consent of the Personal Data Holder
- Article 9 - Personal Data Subject's Right of Access
- Article 10 - Legitimate Interest of the Controller
- Section IITreatment of Sensitive Personal Data
- Article 11 - Processing of Sensitive Personal Data
- Article 12 - Anonymization of Personal Data
- Article 13 - Processing of Personal Data for Public Health Studies
- Section IIIProcessing of Personal Data of Children and Adolescents
- Article 14 - Personal Data of Children and Adolescents
- Section IVTermination of Data Processing
- Article 15 - Termination of Processing of Personal Data
- Article 16 - Deletion of Personal Data
-
Chapter III (Articles 17-22)
Data Subject's Rights
- Article 17 - Privacy and Privacy Protection
- Article 18 - Personal Data Holder Rights in Relation to the Controller
- Article 19 - Personal Data Holder Requests
- Article 20 - Right to Review Decisions Based on Automated Processing of Personal Data
- Article 21 - Regular Exercise of the Rights of the Personal Data Holder
- Article 22 - Defense of the Personal Data Subject's Interests
-
Chapter IV (Articles 23-32)
Processing Activites by the Public Service
- Section IOf the Rules
- Article 23 - Specific Rules for the Processing of Personal Data by the Government
- Article 24 - Equivalence of Public Agent
- Article 25 - Interoperability and Structuring of Personal Data for Processing by the Government
- Article 26 - Sharing Personal Data by the Government
- Article 27 - Sharing of Personal Data by the Public Sector with the Private Sector
- Article 28
- Article 29 - Requests from the National Authority (ANPD) to the Public Authorities
- Article 30 - Permissions of the National Authority (ANPD) to the Public Power
- Section IILiability
- Article 31 - Reports of Violation of the National Authority (ANPD)
- Article 32 - Publicity of Impact Reports (DPIA) by the Government
- Chapter V (Articles 33-36) International Data Transfer
-
Chapter VI (Articles 37-45)
Personal Data Processing Agents
- Section IController and Operator
- Article 37 - RPA's or Treatment Operation Registry
- Article 38 - DPIA or Data Protection Impact Report
- Article 39 - Obligations of the Operator Towards the Controller
- Article 40 - Standards for Interoperability, Portability, Access, Security and Storage Time for Personal Data
- Section IIPersonal Data Controller
- Article 41 - DPO or Person in Charge of Personal Data
- Section IIILiability and Damages
- Article 42 - Repairing Damage to the Personal Data Holder
- Article 43 - Causes of Accountability for Treatment Agents
- Article 44 - Irregularities in the Processing of Personal Data
- Article 45 - Cause of Application of Consumer Laws (CDC) in the Breach of Personal Data
-
Chapter VII (Articles 46-51)
Safety and Good Practice
- Section ISecurity and Data Confidentiality
- Article 46 - TOMs or Technical and Organizational Measures
- Article 47 - Obligations to Guarantee Information Security by Data Processing Agents
- Article 48 - Personal Data Security Incidents
- Article 49 - Structuring of Data Processing Systems
- Section IIGood Practice and Governance
- Article 50 - Rules of Good Practice and Governance
- Article 51 - Encouraging the National Authority to Adopt Technical Standards
- Chapter VIII (Articles 52-54) Supervision
-
Chapter IX (Articles 55-59)
National Data Protection Authority (ANPD) and National Data Protection Council and Privacy
- Section INational Data Protection Authority (ANPD)
- Article 55
- Article 55-A - Creation of ANPD - National Data Protection Authority
- Article 55-B - Autonomy of ANPD - National Data Protection Authority
- Article 55-C - Composition of ANPD - National Data Protection Authority
- Article 55-D - Composition of the Directing Council of ANPD - National Data Protection Authority
- Article 55-E - Individual Members of the Board of Directors
- Article 55-F - Former Board Members (Quarantine) Rule
- Article 55-G - Internal Regulations of ANPD - National Data Protection Authority
- Article 55-H - Relocation of Positions
- Article 55-I - Commissioned Positions
- Article 55-J - Competencies ANPD - National Data Protection Authority
- Article 55-K - Application of Sanctions by ANPD - National Data Protection Authority
- Article 55-L - Sources of Revenue From ANPD - National Data Protection Authority
- Article 56
- Article 57
- Section IINational Council for the Protection of Personal Data and Privacy
- Article 58
- Article 58-A - Composition of the National Council for the Protection of Personal Data and Privacy
- Article 58-B - Powers of the National Council for the Protection of Personal Data and Privacy
- Article 59
-
Chapter X (Articles 60-65)
Final and Transitional Provisions
- Article 60 - Changes in MCI - Marco Civil da Internet
- Article 61 - Relationship with Foreign Companies
- Article 62 - Regulation of Data Processing by the Union in (Sinaes)
- Article 63 - Standards for Database Adequacy Prior to LGPD
- Article 64 - Other International Regulations and Treaties
- Article 65 - Term and vacatio legis