This is a five-part series aimed at helping global privacy professionals better understand the operational impacts of Brazil's new General Data Protection Law. The series addresses the LGPD in its current form, taking into account that, once formed, the national data protection authority, the Autoridade Nacional de Proteção de Dados, is authorized under various articles of the law to issue guidance on interpretation and expand upon certain provisions.
Part 1: Processing, rights and DSARs
Part one of the series addresses the types of data within the scope of the law, along with data subject rights and processing obligations.
Part 2: Security, secrecy of data, good practice and governance
Part two of the series continues by considering the areas of accountability, security, secrecy of data, good practice and governance within the LGPD.
Part 3: International transfers
Part three covers the conditions necessary to enable international transfers of personal data, including the mechanisms for such transfers, under the law.
Part 4: DPOs
Part four investigates the obligations of personal data processing agents, including data protection officers, controllers and processors.
Part 5: Enforcement mechanisms and sanctions
Part five explores the LGPD’s sanctions and enforcement mechanisms, as well as the private right of action and litigation issues within the Brazilian data protection regime more broadly.