{"id":295,"date":"2020-09-15T10:46:23","date_gmt":"2020-09-15T08:46:23","guid":{"rendered":"https:\/\/stage.usercentrics.com\/?post_type=knowledge&p=5076"},"modified":"2025-06-24T15:52:49","modified_gmt":"2025-06-24T13:52:49","slug":"eu-gdpr-vs-brazil-lgpd","status":"publish","type":"knowledge","link":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/","title":{"rendered":"EU GDPR vs. Brazil LGPD"},"content":{"rendered":"\n

General Requirements similarities and differences <\/h2>\n\n\n\n
<\/th>GDPR <\/th>LGPD <\/th><\/tr>
Who does it apply to? = Extraterritorial application\/effect<\/strong><\/td>The whole point of the GDPR is to protect data belonging to EU citizens and residents<\/strong>. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not (Art. 3). <\/td>Any business or organization that processes the personal data of people in Brazil,<\/strong> regardless of where that business or organization itself might be located. LGPD applies to any individual whose data has been collected or is being processed while inside the territory of Brazil<\/strong>, and not only Brazilian citizens. <\/td><\/tr>
Personal data <\/strong><\/a><\/td>Any piece of information that relates to an identifiable person.<\/strong><\/td>According to Art. 5 Personal Data is any information of an identified or identifiable natural person <\/strong><\/td><\/tr>
Data subject rights<\/strong><\/td>In chapter 3 the GDPR grants data subjects the following eight fundamental rights:<\/strong>

1. the right to be informed;
2. the right of access;
3. the right to rectification;
4. the right to be forgotten;
5. the right to restrict processing;
6. the right to data portability;
7. the right to object to processing and 
8. the rights in relation to automated decision-making and profiling<\/td>		Article 18 <\/strong>explains the nine fundamental rights<\/strong>, which are essentially the same rights as the GDPR but LGPD split \u201cThe right to information about public and private entities with which the controller has shared data\u201d out of the GDPR\u2019s more general \u201cRight to be informed\u201d<\/strong> to make it more explicitThe LGPD (Lei Geral de Prote\u00e7\u00e3o de Dados<\/em><\/a>) creates nine rights<\/strong> for data subjects.They are found in Article 18<\/strong> and empower individuals with the rights to:

1. confirmation of the existence of the processing of their data,
2. access their data,
3. correct incomplete, inaccurate or out-of-date data,
4. anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD,
5. have their data be portable, i.e. handed over to another service or processor if requested,
6. have their data deleted,
7. information about public and private entities with which the controller has shared data,
8. information about the possibility of denying consent and the consequences,
9. revoke consent.<\/td><\/tr>
Data protection officers <\/strong><\/td>GDPR outlines when a DPO is required (Art. 37).<\/td>Article 41 in the LGPD simply says, \u201cThe controller shall appoint an officer to be in charge of the processing of data,\u201d which suggests that any organization that processes the data of people in Brazil will need to hire a DPO.<\/td><\/tr>
Legal basis for processing data <\/strong><\/td>In the GDPR there are 6 legal bases for processing<\/strong> personal data<\/strong>. They are listed in Article 6 para. 1 of the GDPR and are the following:

1. Consent (lit. a)
2. Contractual performance (lit. b)
3. Compliance with a legal obligation (lit. c)
4. Vital interests (lit. d)
5. Public interest (lit. e)
6. Legitimate interests (lit. f)<\/td>		Article 7, the LGPD lists 10 legal bases<\/strong>. Also, the protection of credit (referring to a credit score) is a legal basis for the processing of data which is a real difference from the GDPR. LGPD\u2019s legal bases for processing

The ten legal bases in the LGPD (Article 7) for lawful processing of personal data are: 

1. With the consent of the data subject,
2. To comply with a legal or regulatory obligation of the controller,
3. To execute public policies provided in laws or regulations, or based on contracts, agreements, or similar instruments,
4. To carry out studies by research entities that ensure, whenever possible, the anonymization of personal data,
5.To execute a contract or preliminary procedures related to a contract of which the data subject is a party,
6. To exercise rights judicial, administrative or arbitration procedures,
7. To protect the life or physical safety of the data subject or a third party,\u2019
8. To protect health, in a procedure carried out by health professionals or by health entities,
9. To fulfill the legitimate interests of the controller or a third party, except when the data subject\u2019s fundamental rights and liberties which require personal data protection prevail,
10. To protect credit.<\/td><\/tr>
Reporting data breaches<\/strong><\/td>Report a data breach within 72 hours<\/strong><\/td>No guidance for what constitutes a \u201creasonable time period\u201d <\/strong>as the national data protection agency has not yet been established.<\/td><\/tr>
Fines <\/strong><\/td>Pay to up to $23.72 million or 4% of annual global revenue,<\/strong> whichever is higher. <\/td>\u201c2% of a private legal entity\u2019s, group\u2019s, or conglomerate\u2019s revenue in Brazil, for the prior fiscal year, excluding taxes, up to a total maximum of 50 million reals\u201d<\/strong> (this works out to roughly $13.05 million)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Would you like to learn more about Consent Management
and all the  possibilities our CMP offers for a data privacy<\/b> compliance implementation? <\/b><\/p>\n\n\n\n

We would be happy to advise you.<\/b><\/p>\n\n\n\n

 <\/p>\n\n\nRequest a Demo<\/span><\/a>","protected":false},"excerpt":{"rendered":"

General Requirements similarities and differences  GDPR  LGPD  Who does it apply to? = Extraterritorial application\/effect The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not (Art. 3).  Any business or organization that processes the personal data of […]<\/p>\n","protected":false},"featured_media":2036,"template":"","meta":{"_acf_changed":false,"editor_notices":[],"footnotes":""},"tags":[],"magazine_issue":[],"magazine_tag":[],"resource_tag":[13],"class_list":["post-295","knowledge","type-knowledge","status-publish","has-post-thumbnail","hentry","resource_tag-regulations"],"acf":[],"yoast_head":"EU GDPR vs. Brazil LGPD | Usercentrics GmbH<\/title>\n<meta name=\"description\" content=\"Learn more about the general requirements similarities and differences\u00a0from GDPR and LGPD.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"EU GDPR vs. Brazil LGPD | Usercentrics GmbH\" \/>\n<meta property=\"og:description\" content=\"Learn more about the general requirements similarities and differences from GDPR and LGPD.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/\" \/>\n<meta property=\"og:site_name\" content=\"Usercentrics - US\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/usercentrics\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-24T13:52:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/usercentrics.com\/us\/wp-content\/uploads\/sites\/7\/2020\/09\/shutterstock_556586302-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"EU GDPR vs. Brazil LGPD | Usercentrics GmbH\" \/>\n<meta name=\"twitter:description\" content=\"Learn more about the general requirements similarities and differences from GDPR and LGPD.\" \/>\n<meta name=\"twitter:site\" content=\"@usercentrics\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/\",\"url\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/\",\"name\":\"EU GDPR vs. Brazil LGPD | Usercentrics GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/wp-content\\\/uploads\\\/sites\\\/7\\\/2020\\\/09\\\/shutterstock_556586302-scaled.jpg\",\"datePublished\":\"2020-09-15T08:46:23+00:00\",\"dateModified\":\"2025-06-24T13:52:49+00:00\",\"description\":\"Learn more about the general requirements similarities and differences\u00a0from GDPR and LGPD.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/\"}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/#primaryimage\",\"url\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/wp-content\\\/uploads\\\/sites\\\/7\\\/2020\\\/09\\\/shutterstock_556586302-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/wp-content\\\/uploads\\\/sites\\\/7\\\/2020\\\/09\\\/shutterstock_556586302-scaled.jpg\",\"caption\":\"GDPR vs. Brazil LGPD\",\"copyrightNotice\":\"\u00a9 Copyright 2026 Usercentrics GmbH\",\"creator\":{\"@type\":\"Organization\",\"name\":\"Usercentrics GmbH\"},\"creditText\":\"Image: Usercentrics GmbH\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Resources\",\"item\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/resources\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"EU GDPR vs. Brazil LGPD\",\"item\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/knowledge-hub\\\/eu-gdpr-vs-brazil-lgpd\\\/\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/#website\",\"url\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/\",\"name\":\"Usercentrics - US\",\"description\":\"Consent Management Platform (CMP) Usercentrics\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/usercentrics.com\\\/us\\\/?s={search_term_string}\"}}],\"inLanguage\":\"en-US\"}]}<\/script>","yoast_head_json":{"title":"EU GDPR vs. Brazil LGPD | Usercentrics GmbH","description":"Learn more about the general requirements similarities and differences\u00a0from GDPR and LGPD.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"EU GDPR vs. Brazil LGPD | Usercentrics GmbH","og_description":"Learn more about the general requirements similarities and differences from GDPR and LGPD.","og_url":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/","og_site_name":"Usercentrics - US","article_publisher":"https:\/\/www.facebook.com\/usercentrics","article_modified_time":"2025-06-24T13:52:49+00:00","og_image":[{"url":"https:\/\/usercentrics.com\/us\/wp-content\/uploads\/sites\/7\/2020\/09\/shutterstock_556586302-scaled.jpg","width":1,"height":1,"type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_title":"EU GDPR vs. Brazil LGPD | Usercentrics GmbH","twitter_description":"Learn more about the general requirements similarities and differences from GDPR and LGPD.","twitter_site":"@usercentrics","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/","url":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/","name":"EU GDPR vs. Brazil LGPD | Usercentrics GmbH","isPartOf":{"@id":"https:\/\/usercentrics.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/#primaryimage"},"image":{"@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/#primaryimage"},"thumbnailUrl":"https:\/\/usercentrics.com\/us\/wp-content\/uploads\/sites\/7\/2020\/09\/shutterstock_556586302-scaled.jpg","datePublished":"2020-09-15T08:46:23+00:00","dateModified":"2025-06-24T13:52:49+00:00","description":"Learn more about the general requirements similarities and differences\u00a0from GDPR and LGPD.","breadcrumb":{"@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/"}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/#primaryimage","url":"https:\/\/usercentrics.com\/us\/wp-content\/uploads\/sites\/7\/2020\/09\/shutterstock_556586302-scaled.jpg","contentUrl":"https:\/\/usercentrics.com\/us\/wp-content\/uploads\/sites\/7\/2020\/09\/shutterstock_556586302-scaled.jpg","caption":"GDPR vs. Brazil LGPD","copyrightNotice":"\u00a9 Copyright 2026 Usercentrics GmbH","creator":{"@type":"Organization","name":"Usercentrics GmbH"},"creditText":"Image: Usercentrics GmbH"},{"@type":"BreadcrumbList","@id":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Resources","item":"https:\/\/usercentrics.com\/us\/resources\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/usercentrics.com\/us\/knowledge-hub\/"},{"@type":"ListItem","position":3,"name":"EU GDPR vs. Brazil LGPD","item":"https:\/\/usercentrics.com\/us\/knowledge-hub\/eu-gdpr-vs-brazil-lgpd\/"}]},{"@type":"WebSite","@id":"https:\/\/usercentrics.com\/us\/#website","url":"https:\/\/usercentrics.com\/us\/","name":"Usercentrics - US","description":"Consent Management Platform (CMP) Usercentrics","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/usercentrics.com\/us\/?s={search_term_string}"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/knowledge\/295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/knowledge"}],"about":[{"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/types\/knowledge"}],"version-history":[{"count":0,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/knowledge\/295\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/media\/2036"}],"wp:attachment":[{"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/tags?post=295"},{"taxonomy":"magazine_issue","embeddable":true,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/magazine_issue?post=295"},{"taxonomy":"magazine_tag","embeddable":true,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/magazine_tag?post=295"},{"taxonomy":"resource_tag","embeddable":true,"href":"https:\/\/usercentrics.com\/us\/wp-json\/wp\/v2\/resource_tag?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}