OneTrust supports you in respecting your data subjects’ privacy rights by streamlining compliance and operationalizing LGPD requirements in a single platform.
LGPD Compliance
Automate compliance with Brazil’s general data protection law
Accelerate time to compliance with LGPD requirements— from the collection of valid consent to the fulfillment of data subject rights.
A centralized solution for trust and LGPD compliance
Simplify data subject requests and automate every phase of the process including intake, identity verification, data discovery, deletion, and secure response.
Maintain a central consent database across all collection points. Easily configure and embed user-facing preference centers and centrally draft, manage and distribute policies and notices.
Automatically discover and classify data across structured and unstructured data in cloud, on-premises, and legacy systems. Link data to identities and map to data inventories to document internal data flows and transfers to third parties.
Leverage pre-built LGPD assessment templates complete with automated risk flagging. Link PIAs, privacy by design (PbD), and vendor assessments to your data map for full visibility into data flows and associated risks.
Centrally track, manage, and report on incidents and automate your incident investigations and workflows. Link incidents to your data map to fully understand incident risk and severity.
FAQs
Are you subject to Brazil’s data privacy laws and if so, what do you need to look out for? We answer some basic questions below.
The LGPD establishes new, fundamental privacy rights for Brazilians. Organizations who process personal data must be transparent about their use of personal data, collect valid consent from their customers, and offer covered natural persons free, timely access to their data. The law also requires companies to post public privacy policies that document each data purpose and inform data subjects of data breaches and other data security lapses.
For more information, read The Ultimate Guide to LGPD Compliance.
The LGPD covers any personal data processing of Brazilians or individuals located in Brazil. This means that even if a company is based outside of the country, it is still subject to the law. Unlike other privacy laws, such as the California Consumer Privacy Act (CCPA) and California Privacy Act (CPRA), there is no size threshold – so even small businesses are subject.
We help you meet the LGPD’s requirements by operationalizing them through a single platform with OneTrust Privacy Operations. Minimize the risk of non-compliance with automated data mapping and discovery, risk assessments, incident tracking, and tools for managing data subjects' rights and consent. Stay up to date with the law’s amendments and rule changes using OneTrust DataGuidance.