Andre Paris on Brazil’s Data Protection Law [Podcast]


By Adam Turteltaub

With one of the largest economies in the world and serving as the South American home for many global businesses, Brazil is a country for compliance teams to watch, and their laws are very much worth heeding. That includes the Brazilian General Data Protection Law (LGPD), which entered into force on September 18, 2020.

As Andre Paris (LinkedIn), Professor and Privacy & Compliance Consultant explains in this podcast, the law contains 10 principles including:

  • Data should be processed only for specific, legitimate, explicit purposes
  • Data quality needs to be maintained
  • Companies must be transparent about how data is used
  • A security regime must be in place
  • The data should not be used in a discriminatory matter

It is very similar to and consistent with the European General Data Protection Regulation (GDPR) and includes a number of rights for data subjects, such as access to personal data held by the organization, the ability to correct outdated and incorrect data, and the blocking or deletion of unnecessary data.

The law applies to any data collected in Brazil, regardless of the citizenship of the individual.

So how can compliance teams address the law’s requirements? He recommends several steps:

  • Secure the support of leadership
  • Search for someone with privacy expertise to serve as the data protection officer
  • Train the workforce on what is essential data
  • Map your data
  • Determine which law authorizes the processing of data
  • Identify any and all risks inherent in the organization’s operations

Listen in to learn more about how to ensure your organization is in compliance with Brazil’s LGDP.