It is likely that you have heard of LGPD or GDPR, and even know the main purpose of the regulation. However, despite having the same basic concept, they also have some differences that you should know, especially if you are operating simultaneously in the European and Brazilian markets.
To help you, we briefly clarify the main SIMILARITIES AND DIFFERENCES between the two regulations.
|Description||General Data Protection Regulation||General Data Protection Law|
|Date of entry into force||May 25, 2018||August 20, 2020|
|Who oversees||CNPD (National Data Protection Commission)||ANPD (National Data Protection Authority)|
|Main Concepts||• Protection of Personal Data (name, email …) • Regulates consumers’ rights and duties of companies regarding data collection and processing • Determines the concept of sensitive personal data|
|User guarantees||• More Privacy • Stricter control over your personal information • Greater transparency|
|Security Means||The data must be encrypted and masked in databases||Guidance for keeping data safe (each company defines how to protect it)|
|International Application||Companies that collect, store and use EU citizen data must match the GDPR||• Companies that collect, store and use data from Brazilian citizens must comply with the LGPD • Companies in Brazil that have their business in the EU must adopt the 2 standards|
|Data Portability||• The holder is entitled to require that his data be transferred to another service provider • The holder must be informed about all transitions / portabilities to which his data is subject.|
|Data leakage||• Must be reported within 72 hours after being detected • The consumer must be informed||• Must be reported shortly after being detected • The consumer must be informed|
|Consent to obtain data||• Explicit consent • You may have to demonstrate to the authorities how you got permission from the holder||• Holder consent is not required|
|Exceptions||• Execution of a public policy provided for by law • Compliance with a legal obligation • Conducting studies through research bodies • Protection of a citizen’s credit • Preserving a citizen’s life and physical integrity|