LGPD (Lei Geral de Proteção de Dados)
LGPD is Brazil’s comprehensive data protection law, covering both online and offline processing of personal data. It introduces principles and obligations similar to GDPR – such as purpose limitation, necessity, transparency, security and accountability – but with its own definitions, legal bases and regulatory expectations.
GDPR Register helps organisations structure their LGPD compliance while keeping it aligned with wider global privacy programmes.
Data mapping aligned with LGPD
A clear understanding of where and how personal data is processed is central to LGPD.
With GDPR Register you can:
- Map processing activities involving data subjects in Brazil or operations in Brazil in a central register
- Document purposes, categories of data subjects and personal data (including sensitive personal data), recipients and international transfers
- Capture legal bases under LGPD, including consent, legitimate interest, contract and legal/regulatory obligations
- Import existing Excel-based data maps and convert them into a structured, maintainable inventory
Risk assessments and high-risk processing
LGPD expects controllers and processors to adopt security, technical and administrative measures suitable to the risks involved.
GDPR Register enables you to:
- Run risk assessments for processing that may pose higher risks to individuals, such as profiling, large-scale processing or sensitive data use
- Use a risk matrix to assess likelihood and impact, and prioritise mitigation work
- Link risks to specific processing activities, systems and vendors handling Brazilian personal data
- Define mitigation measures, assign owners and deadlines, and track progress over time
Processor and third-party oversight
LGPD places responsibility on controllers to oversee processors and other parties handling personal data on their behalf.
With GDPR Register you can:
- Maintain a central register of processors and third parties that process personal data under LGPD
- Track contracts, including clauses dealing with instructions, security, confidentiality and international transfers
- Record locations and transfer mechanisms where data leaves Brazil or involves cross-border processing
- Integrate processor-related risks into your overall privacy and security risk view
Data subject rights under LGPD
LGPD gives individuals rights such as confirmation of processing, access, correction, anonymisation, deletion, portability and information about sharing.
GDPR Register helps you:
- Log and manage data subject requests from Brazilian data subjects in one place
- Categorise requests by type (access, correction, deletion, portability and so on) and track deadlines and status
- Link each request to the relevant processing activities and systems to streamline response work
- Maintain an audit trail of decisions and responses, including where legal or regulatory obligations limit deletion or other actions
Part of a multi-regulation approach
Many organisations subject to LGPD are also dealing with GDPR, UK GDPR, US state laws and other regional frameworks.
GDPR Register supports this by:
- Allowing you to reuse your core data inventory across jurisdictions, adding LGPD-specific fields and tags where needed
- Providing configurable templates so risk assessments and records can reflect Brazilian requirements alongside others
- Offering dashboards and filters to see which activities, systems and vendors are in scope of LGPD as well as other laws
In short: GDPR Register gives you a structured way to implement LGPD – from data mapping and risk assessments to processor oversight and data subject rights – while fitting naturally into a broader, multi-jurisdiction privacy strategy.