Brazil LGPD: Privacy Policy Requirements for Global Businesses
Guide to Brazil's LGPD data protection law, compliance requirements, and what to include in your privacy policy for Brazilian users.
Brazil's LGPD (Lei Geral de Proteção de Dados) came into effect and applies to any business processing personal data of individuals in Brazil, regardless of where the company is based. If you have Brazilian customers or users, your privacy policy needs LGPD-specific disclosures.
LGPD defines 10 legal bases for processing, broader than GDPR's six. Your privacy policy should identify which bases apply to each processing activity, explain data subject rights including portability and deletion, and name your Data Protection Officer (Encarregado).
Enforcement is handled by ANPD (Autoridade Nacional de Proteção de Dados). Penalties can reach 2% of revenue in Brazil up to 50 million BRL per violation. The practical approach is to add LGPD-specific sections to your existing privacy policy rather than creating a separate document.