Brazil LGPD

What is the Brazil LGPD?


Lei Geral de Proteção de Dados (LGPD) is Brazil’s response to the GDPR. Brazil was one of the first major economies worldwide to pass data protection legislation that mimics the EU regulation.

LGPD follows the same general principles, imposes similar duties on businesses, and grants data subjects privacy rights. The duties of businesses processing the personal data of Brazil residents include:

  • Obtain consent (with withdrawal mechanisms)
  • Conduct DPIAs for high-risk activities
  • Implement technical and organizational measures for data security
  • Notify authorities and individuals of data breaches
  • Implement safeguards for cross-border transfers
  • Facilitate data subject rights (access, rectify, erase, restrict)
  • Appoint a data protection officer (DPO)
  • Maintain data processing records
  • Implement data protection policies
  • Train employees on data protection practices
  • Transparent privacy policy
  • Data retention & secure disposal
  • Incident response plans

In relation to their data, Brazilians can submit requests to:

  • Access
  • Deletion
  • Data portability
  • Correction
  • Restrict processing
  • Object to automated decision-making
  • File a complaint with the ANPD (the data protection authority in Brazil)

MergeBase and the Brazil LGPD


The LGPD applies only to companies processing data within Brazil or of Brazilian residents, which means it does not apply to MergeBase. However, we comply with the LGPD when we interact with Brazilian individuals.

Despite it not applying to us, MergeBase already meets all the requirements for LGPD compliance, and we can help you comply with this law as well.


How Can MergeBase Help You Comply with the Brazil LGPD?


LGPD is a comprehensive data protection law that goes well beyond data security. However, one of the most important duties in protecting personal data is ensuring that the data is safe.

Our expertise in data security is an integral part of a broader approach to data protection. At MergeBase, we elevate your data protection strategy by enhancing your data security measures.

Our approach involves continuous scanning of open-source components within applications, a typical repository for personal data. This rapid detection of vulnerabilities enables you to resolve security issues quickly, thereby preventing data breaches and ensuring compliance with the highest security standards.

In addition, we categorize vulnerabilities by their severity and likelihood of exploitation. This allows you to concentrate your efforts on the most significant security risks and promptly address the most critical threats to personal data.

Finally, our detailed vulnerability reports are designed to integrate seamlessly with your patch management tools. This integration streamlines the remediation process, ensuring vulnerabilities are addressed efficiently and effectively. The result is a fortified defense, minimizing the exposure of personal data and significantly enhancing its protection.