LGPD Compliance

Pandectes GDPR Compliance helps  Shopify Stores comply with the Lei Geral de Proteção de Dados Pessoais (LGPD) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with LGPD.

LGPD Compliance
The #1 cookie consent app for Shopify, trusted by 58.000 stores

What is LGPD?

The Brazilian General Data Protection Law (LGPD) is a data protection law that regulates the collection, use, and storage of personal data of Brazilian citizens. It came into effect on August 2020. It is considered one of the most comprehensive data protection laws in Latin America and is similar to the EU’s General Data Protection Regulation (GDPR). The LGPD applies to any company that processes personal data, regardless of whether the company is based in Brazil or not, as long as the data relates to Brazilian citizens. It establishes principles such as data minimization, data quality, data purpose limitation, data storage limitation, data transparency, data security and data protection by design, among others. It also establish specific rights for data subjects, such as the right to access, correct, and delete personal data, as well as the right to data portability. The law also requires companies to appoint a Data Protection Officer (DPO) and to conduct Data Protection Impact Assessments (DPIA) before implementing new data processing activities.

LGPD Compliance

Who does the LGPD apply to?

The LGPD applies to any company or organization that processes personal data, regardless of whether the company or organization is based in Brazil or not, if the data processing activities are carried out in the Brazilian territory.

LGPD Compliance

What happens if I don't comply with the LGPD?

Failing to comply with the Brazilian General Data Protection Law (LGPD) can result in significant fines and penalties. The LGPD gives the National Data Protection Authority (ANPD) the power to impose administrative fines for non-compliance. The fines can be up to 2% of the company’s gross revenue or up to 50 million reais (which is the equivalent of around 8.5 million US dollars) whichever is higher.

Fines can be imposed for a variety of reasons, including failure to comply with the principles of data protection, failure to appoint a Data Protection Officer (DPO), failure to conduct a Data Protection Impact Assessment (DPIA), failure to report a data breach, and failure to provide individuals with their rights under the LGPD.

In addition to fines, supervisory authorities can also impose other penalties, such as ordering companies to stop processing personal data, requiring companies to rectify non-compliance, and issuing reprimands.

In some cases, non-compliance with LGPD can also result in legal action being taken against a company by individuals whose personal data has been affected.

It’s important to note that LGPD compliance is not only about avoiding fines and penalties, but also about protecting people’s personal data and respecting their rights.

When will the LGPD go into effect?

The Brazilian General Data Protection Law (LGPD) went into effect on August 14th, 2020. However, the National Data Protection Authority (ANPD) has implemented a transitional period until August 2021, in which it will prioritize guidance, education and awareness-raising over fines and penalties for non-compliance with the LGPD.
Scroll to Top
Have questions? Learn how Pandectes can help you!