LGPD Compliance
Pandectes GDPR Compliance helps Shopify stores comply with the Lei Geral de Proteção de Dados Pessoais (LGPD) by scanning and identifying cookies and tracking technologies in use. Our scan generates a report that classifies these technologies according to regulatory guidelines and provides options for updates to ensure compliance with LGPD.
What is LGPD?
The Lei Geral de Proteção de Dados Pessoais (LGPD) is Brazil’s data protection law that regulates the collection, use, and storage of personal data of Brazilian citizens. Effective August 2020, it aligns closely with the EU’s General Data Protection Regulation (GDPR). The LGPD applies to any organization processing personal data related to Brazilian citizens, regardless of the organization’s location. It establishes principles such as data minimization, quality, purpose limitation, transparency, and security. The LGPD also provides rights for data subjects, including access, correction, deletion, and data portability. Additionally, it requires organizations to appoint a Data Protection Officer (DPO) and conduct Data Protection Impact Assessments (DPIA) for new processing activities.
Who does the LGPD apply to?
The LGPD applies to any organization processing personal data, whether or not based in Brazil, as long as the data pertains to Brazilian citizens.
What happens if I don't comply with the LGPD?
Non-compliance with the LGPD can result in significant fines and penalties. The National Data Protection Authority (ANPD) can impose administrative fines up to 2% of the company’s annual gross revenue or up to 50 million reais (approximately 8.5 million US dollars), whichever is higher.
Fines may be imposed for failing to adhere to data protection principles, not appointing a DPO, neglecting DPIAs, not reporting data breaches, or failing to provide data subject rights under the LGPD. Additional penalties can include orders to cease data processing, orders to rectify non-compliance, and reprimands. Legal actions from affected individuals are also possible.
When will the LGPD go into effect?
The LGPD came into effect on August 14, 2020. However, the ANPD implemented a transitional period until August 2021, focusing on guidance and education rather than immediate fines and penalties.
Complying with the LGPD
The LGPD is among a growing set of global data privacy laws, with countries like Argentina, Chile, and Mexico also introducing privacy regulations. Navigating these laws can be complex, especially for businesses operating across multiple jurisdictions.
To maintain compliance, stay informed about evolving legislation and consult with legal counsel when new laws are enacted. A Consent Management Platform (CMP) like Pandectes GDPR Compliance can simplify the process by offering customizable consent management, automating data subject access requests, and managing cookies and vendors. Pandectes GDPR Compliance is specifically designed for Shopify stores, helping you achieve and maintain compliance amidst the dynamic data privacy landscape.