Category Archive Novo Regulamento de Proteção dos Dados

The General Data Protection Law (LGPD) in Brazil



By Marcelo Carvalho, DATAPEERS commercial in Brazil

The LGPD (Law No. 13.709, of 08/14/2018) entered into force in Brazil on September 18, 2020 and with this we became part of a select group of countries that have specific legislation for the protection of personal data of its citizens.


The main goals of the LGPD are:
• Ensure the right to privacy and protection of users’ personal data through transparent and secure practices, guaranteeing the fundamental rights of Brazilians;
• Establish clear rules regarding the processing of personal data;
• Promote competition and free economic activity with data portability;
• Strengthen the security of legal relationships and the holder’s trust in the processing of personal data;


LGPD compliance is not an option. A company that does not comply with security regulations is subject to a fine of up to 2% of its revenue and amounts that reach R$50 million, and may have its activities suspended by the National Data Protection Authority.

The Importance of Data Anonymization and DATAPEERS


The General Law for the Protection of Personal Data mentions anonymized data, which is that which originally was related to a person, but which went through stages that ensured its unlinking from that person. If data is masked, then LGPD will not apply to it. It is noteworthy that a data is only considered effectively anonymized if it does not allow, via technical and other means, to reconstruct the path to “discover” who the owner of the data was – if in any way the identification occurs, then it is not fact, anonymized data is pseudonymized data and will then be subject to the LGPD.


According to specialists, masked data are essential for the growth of artificial intelligence, the internet of things, machine learning, smart cities, behavior analysis, among others. They also indicate that, whenever possible, a public or private organization performs the anonymization of personal data, as this improves information security in the organization and thus generates more trust in its services and for its audiences.


DATAPEERS is an innovative and automated solution that allows data anonymization and masking and helps companies comply with the privacy requirements of their data, increasing the quality of software development, testing and certification processes, ensuring greater flexibility and protection of information that sometimes needs to be shared with customers, suppliers and service providers.


DATAPEERS ensures that sensitive data is replaced with new anonymized data and that new data is secure and consistent based on the originals.

GDPR vs LGPD: the similarities and diferences

It is likely that you have heard of LGPD or GDPR, and even know the main purpose of the regulation. However, despite having the same basic concept, they also have some differences that you should know, especially if you are operating simultaneously in the European and Brazilian markets.

To help you, we briefly clarify the main SIMILARITIES AND DIFFERENCES between the two regulations.

 GDPRLGPD
DescriptionGeneral Data Protection Regulation  General Data Protection Law
Date of entry into force May 25, 2018 August 20, 2020  
WhereEuropean Union  Brazil
Who overseesCNPD (National Data Protection Commission) ANPD (National Data Protection Authority)  
Main Concepts  • Protection of Personal Data (name, email …) • Regulates consumers’ rights and duties of companies regarding data collection and processing • Determines the concept of sensitive personal data  
User guarantees  • More Privacy • Stricter control over your personal information • Greater transparency  
Security MeansThe data must be encrypted and masked in databasesGuidance for keeping data safe (each company defines how to protect it)  
  International ApplicationCompanies that collect, store and use EU citizen data must match the GDPR  • Companies that collect, store and use data from Brazilian citizens must comply with the LGPD • Companies in Brazil that have their business in the EU must adopt the 2 standards
Data Portability  • The holder is entitled to require that his data be transferred to another service provider • The holder must be informed about all transitions / portabilities to which his data is subject.
Data leakage  • Must be reported within 72 hours after being detected • The consumer must be informed  • Must be reported shortly after being detected • The consumer must be informed
Consent to obtain data  • Explicit consent • You may have to demonstrate to the authorities how you got permission from the holder  • Holder consent is not required
  Exceptions• Execution of a public policy provided for by law • Compliance with a legal obligation • Conducting studies through research bodies • Protection of a citizen’s credit • Preserving a citizen’s life and physical integrity

GDPR: Main features and how to avoid fines

Two years after the enactment of GDPR in the European Union, we hereby recover its main characteristics. The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, presents a single set of rules relating to the protection of individuals with regard to the processing of personal data and the free movement of such data. 

This regulation began to be enforced on 25 May 2018, and applies to companies that are established or operate within the European Union.  This law came about mainly due to the impulse of electronic commerce, with the aim of protecting and guaranteeing a higher level of security for European consumers in this digital environment. The new regulation defines how companies and public entities collect and process their customers’ personal data. 
Read More

GDPR: What has changed throughout its implementation?

Much has been said about the GDPR in 2018. The new regulation came into force in May last year and thousands of news related to the law came out. A year and a half after its arrival, few people talk about this legislation that promised to drastically change the way companies relate to their customers and business partners. We are currently experiencing a “non-reaction” phase to the GDPR, which could compromise data security and could result in huge fines for non-compliant. We will understand in this article what is the state of play regarding the General Data Protection Regulation!

Read More

How does RGPD affect a business-customer relationship?

GDPR came into force in May 2018 and, after a troubled period of adaptation, companies are calmer and apparently better prepared to comply with the new legislation. However, there are still some doubts as to the actual changes that the GDPR will bring to companies. In today’s article, we explain how GDPR affects the relationship between companies and customers!

Read More

7 questions about RGPD that you need to know how to answer

GDPR arrived in May 2018, but doubts do not stop appearing. Not all organizations feel prepared to comply with the procedures of the new law. That’s why we’ve prepared 7 questions about RGPD that need to be answered!

Read More

How to apply GDPR in Google Analytics?

Google Analytics is one of the tools most used by marketers, since it allows analyzing and understanding the behavior of website visitors. However, with the entry into force of the GDPR many questions have arisen regarding the legitimacy of continued use of this tool. Google Analytics uses visitor data, so you need to be careful not to break the law. In today’s article, we’ll explain how to apply GDPR in Google Analytics.

Read More

Find how data masking can prevent RGPD fines

GDPR fines are high and in case of default there is much more to lose than just money: reputation, good image with customers and trust by stakeholders is damaged and may even lead to the end of the business. Therefore, it is essential for companies to be able to protect their information at different stages of the data-processing process, and masking of data is increasingly becoming an alternative that companies use. In today’s article, let’s see how data masking can prevent GDPR fines!

Read More

“I was fined for violating GDPR. What should I do?”

The GDPR is already in place and has already begun to make its first “victims”. Many people doubted the existence of large fines, but the truth is that several European companies were fined due to legal failures. Among the main causes of fines are the following: undue access to data by an excessive number of users, breach of data integrity and confidentiality due to lack of preventive measures and inability to ensure the technical implementation of previous measures. Companies that are fined for failure to comply with the new legislation have a long way to go to regain the trust of their customers and other stakeholders. In today’s article, we leave some tips for getting back on the heels of a GDPR fine!

Read More

7 tips for rapid adaptation to GDPR

The process of adapting the General Regulation on Data Protection (GDPR) to the Portuguese reality has not been easy. Although the European diploma has been in force since May 25, 2018, there are still many companies that fail to meet all the standards associated with the new legislation. The National Comission of Data Protection has passed fines to defaulters and it is urgent that companies work to comply with all the obligations that exist in the law. In today’s article, we present 7 tips for rapid adaptation to GDPR!

Read More