Integrate. Automate. Comply
Schedule a Demo
secure privacy badge logo
Solutions
GDPR (Europe)ePrivacy (Europe)LGPD (Brazil)CCPA (California)PDPA (Thailand)UK Data Protection ActIAB TCF (Europe)PIPEDA (Canada)CNIL (France)
european union flag badge
Features
Cookie Consent BannerPreferences CenterCookie & Privacy PolicyConsent LogCookie & SSL Scanner70+ Language Support
Cookie Banner Generator
Technologies
HubspotWordpressMagentoAdobe Tag ManagerWixShopifyDrupalGoogle Tag ManagerWeeblySquarespaceWebviewSitecoreUmbracoJoomlaSharepointBigcommerceGoogle Consent ModeVue.Js
Hubspot badge
Pricing
Small Business PlansEnterprise BenefitsBecome a reseller
BlogSupport
October 5, 2019

LGPD vs GDPR: What are the Key Similarities and Differences

In this article, we explore how LGPD compares with GDPR.

Brazil approved the General Data Protection Law (LGPD) on 14th August 2018, in a move that has been termed as being inspired by the European Union’s implementation of the General Data Protection Regulation (GDPR) on 25th May 2018. The new law is expected to substitute and complement current legal practices by overseeing the handling and use of personal information by both the public and private sectors. The LGPD is scheduled to come into effect on 15th August 2020.

With this in mind, let us explore how LGPD compares with GDPR.

Key Similarities between LGPD and GDPR

Territorial Scope

Both LGPD and GDPR apply to any individual or business that processes personal data within their respective jurisdictions, which are Brazil and the European Union, irrespective of where this processing is conducted.

Data Subject Access Requests

Similar to the European Union, data subjects in Brazil are allowed to request access to their information, in addition to having the right to be forgotten under the LGPD.

Data Protection Officers

The GDPR provides for the appointment of a DPO when;

  • You are a public entity
  • Your primary processes involve large scale, regular, and organized monitoring of persons
  • Your core activities comprise large scale processing of unique information classifications connected to criminal prosecutions and offenses

In the event that your company does not engage in such activities, Article 29 of GDPR recommends the appointment of a DPO, regardless, as corporate best practice.

LGPD also requires businesses to appoint a DPO to oversee their data processing activities.

Take a look at the 2022 LGPD updates.

Key Differences between LGPD and GDPR

Legal Bases for Data Processing

Under GDPR, your company is subject to six legal bases. They include;

  • Explicit consent
  • Public task
  • Legal responsibility
  • Legitimate interest
  • Contract performance
  • Vital interest

On the other hand, LGPD has four additional bases, expanding the number to 10. The bases in question are;

  • Consent
  • Contractual performance
  • Legal obligation
  • Life Protection
  • Health Protection
  • Legitimate Interest
  • Protection to credit
  • Public task
  • Research by public study entities
  • Exercise of privileges in legal proceedings

    Take a look at our Data Processing Agreement Guide

Fines

When it comes to penalties for violations, the LGPD appears to be lenient to companies found guilty of malpractices compared to GDPR. Essentially, with GDPR, companies can face fines of up to 4 percent of their yearly revenue or 20 million Euros, whichever is higher.

In contrast, LGPD will penalize companies found to violate this regulation up to 2 percent of their yearly revenue from Brazil or 50 million Brazilian Reals, whichever is higher.

Data Breach Notifications

Although both regulations have made notifications about data breaches compulsory, the requirements are different. On the one hand, GDPR has a stringent 72-hour timeline within which companies are obligated to report to Data Protection Authorities about a breach.

 In contrast, LGPD does not provide a definite timeline for breach notifications to be made. Instead, it requires this report to be made within a ‘reasonable’ timeframe.

Learn more about how to become LGPD compliant or GDPR compliant with Secure Privacy.

See what are the LGPD Cookie Banner Requirements.

Download your free LGPD e-book and have it delivered directly into your inbox.

Schedule a call to learn more

GDPR certificate

How to Get Your Free GDPR Certificate with Secure Privacy

Secure Privacy offers a Free GDPR Certification Course. In this blog post, we will discuss how to get your GDPR certificate with Secure Privacy and its benefits.

  • Data Protection
  • GDPR
Shopify Privacy Policy

A Comprehensive Guide to Creating a Privacy Policy for Your Shopify Store

Online store owners must comply with privacy laws, including GDPR, CCPA, and CalOPPA, by having a privacy policy page on their website's footer menu to inform visitors of their data privacy practices and legal compliance. Look at our Comprehensive Guide to learn how to create your Shopify Privacy Policy.

  • Data Protection
oman privacy law

All You Need to Know About the 2023 Oman Data Protection Law

The Oman Personal Data Protection Law (PDPL) came into effect in February 2023, introducing new legal requirements for businesses that process personal data. The law is based on the opt-in principle, meaning that businesses can only process personal data if the user consents or if there is another legal basis. This aligns the PDPL requirements with those prescribed by the General Data Protection Regulation (GDPR) in the European Union. However, there are nuances that make this law different, which is precisely what this article will explore.

  • Data Protection