The Lei Geral de Proteção de Dados (LGPD), effective since 2020, establishes comprehensive data protection rules for personal data processing in Brazil. Modeled on GDPR but adapted for Brazilian legal traditions, it covers consent, data minimization, purpose limitation, and cross-border transfers.
The ANPD (National Data Protection Authority) enforces the law with penalties up to 2% of revenue (R$50M cap per infraction). The framework applies to any organization processing data of people in Brazil, regardless of where the company is located.
Brazil's data protection stack — Marco Civil (2014) + LGPD (2020) + AI regulation (in progress) — positions the country as a governance leader in the Global South. For multinational companies, LGPD compliance is a prerequisite for operating in Brazil's 220-million-person digital market.