LGPD Brazil

Lei Geral de Proteção de Dados Pessoais (LGPD) Compliance

Pandectes GDPR Compliance helps Shopify stores meet LGPD requirements by scanning for cookies, generating reports, and providing updates to ensure compliance.

LGPD Compliance
The #1 cookie consent app for Shopify, trusted by 138k stores

What is LGPD?

The Lei Geral de Proteção de Dados Pessoais (LGPD) is Brazil’s data protection law that regulates the collection, use, and storage of personal data of Brazilian citizens. Effective August 2020, it aligns closely with the EU’s General Data Protection Regulation (GDPR). The LGPD applies to any organization processing personal data related to Brazilian citizens, regardless of the organization’s location. It establishes principles such as data minimization, quality, purpose limitation, transparency, and security. The LGPD also provides rights for data subjects, including access, correction, deletion, and data portability. Additionally, it requires organizations to appoint a Data Protection Officer (DPO) and conduct Data Protection Impact Assessments (DPIA) for new processing activities.

Β 
LGPD Compliance

Who does the LGPD apply to?

The LGPD applies to any organization processing personal data, whether or not based in Brazil, as long as the data pertains to Brazilian citizens.

LGPD Compliance

What happens if I don't comply with the LGPD?

Non-compliance with the LGPD can result in significant fines and penalties. The National Data Protection Authority (ANPD) can impose administrative fines up to 2% of the company’s annual gross revenue or up to 50 million reais (approximately 8.5 million US dollars), whichever is higher.

Fines may be imposed for failing to adhere to data protection principles, not appointing a DPO, neglecting DPIAs, not reporting data breaches, or failing to provide data subject rights under the LGPD. Additional penalties can include orders to cease data processing, rectifying non-compliance, and reprimands. Legal actions from affected individuals are also possible.

When will the LGPD go into effect?

The LGPD came into effect on August 14, 2020. However, the ANPD implemented a transitional period until August 2021, focusing on guidance and education rather than immediate fines and penalties.

Complying with the LGPD

The LGPD is among a growing set of global data privacy laws, with countries like Argentina, Chile, and Mexico also introducing privacy regulations. Navigating these laws can be complex, especially for businesses operating across multiple jurisdictions.

To maintain compliance, stay informed about evolving legislation and consult with legal counsel when new laws are enacted. A Consent Management Platform (CMP) like Pandectes GDPR Compliance can simplify the process by offering customizable consent management, automating data subject access requests, and managing cookies and vendors.Β Pandectes GDPR ComplianceΒ is specifically designed for Shopify stores, helping you achieve and maintain compliance amidst the dynamic data privacy landscape.

Make your Shopify Store's use of cookies and online tracking compliant today
Scroll to Top