5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: April 11, 2023
Published: September 16, 2020
The enactment of the European Union's General Data Protection Regulation (GDPR) ignited a worldwide wave of privacy regulations. California and New York, two economically impactful US states, followed suit soon after the GDPR's implementation. These three pieces of legislation impact commerce and data processing all over the world.
Brazil recently joined the trend with its General Law for the Protection of Personal Data (Lei Geral de Proteção de Dados Pessoais in Portuguese, or LGPD). After multiple delays and an unclear outlook, the Brazilian Congress recently changed course and made its sweeping data privacy law effective soon.
If you're an Osano user, there's no need to fear. Osano keeps you compliant with this new regulation and protects you against penalties when you collect, process, and share Brazilian users' data. To help you understand these changes, let's briefly go over the LGPD and its timeline.
With 200 million people, Brazil is considered one of the most internet-connected countries in the world. Like other countries, it recognized a need for a data privacy law and supervisory authority to protect its nationals and their personal data. Just like the GDPR, LGPD is transborder legislation, meaning it applies to all organizations that process data on Brazillian data subjects, even if they aren't incorporated in Brazil.
The LGPD is inspired by the GDPR, though its scope is slightly different. It defines data processing similarly to GDPR. It also establishes similar data subject rights that grant people authority over how their data is collected, used, and shared, though their scope varies. LGPD establishes fines, but the penalties aren't as substantial as the GDPR. Under LGPD, organizations that fail to abide by the law could face penalties of 2% of their yearly revenue up to 50 million reals (about USD $12 million). (Read our full explainer for details.)
The Brazilian Senate signed the LGPD into law on August 14, 2018. On July 8, 2019, Brazilian President Jair Bolsonaro approved the final version of the law. Read the full text here.
The LGPD was originally set to take effect in February 2020. Still, legislators extended the deadline another six months until August 2020 to give policymakers and organizations some more time to implement the law's requirements.
Due to the Covid-19 pandemic, however, both the Brazilian Congress and President Bolsonaro wanted to delay the rollout again. Congressional efforts failed, but Bolsonaro issued Provisional Measure No. 954 (what would be called an executive order in the US) to delay the new law until May 2021 and enforcement until August 2021.
Under Brazilian law, provisional measures are merely emergency actions that only last for 60 days, though Congress can renew them. If a temporary measure isn't enacted into law by Congress, it expires. In June, Congress passed, and Bolsonaro signed legislation that establishes the enforcement date of August 1, 2021. But they failed to address the overall delay of LGPD's effective date. The House of Representatives approved a postponement until December 2020, but the Brazilian Senate rejected it, thereby setting an immediate enactment date of August 27, 2020.
The final bill now heads to the president's desk to be sanctioned or vetoed. That should happen by mid-September. It will have a retroactive applicability date of August 14, 2020. Will Bolsonaro sign the bill? We don't know for sure, but all signs indicate that he will.
Hours after the Senate's decision, the Brazilian federal government published Decree No. 10.474/2020, which approves the regulatory entity that was created in the LGPD. This entity - the Brazilian Data Protection Authority (In Portuguese, the Autoridade Nacional de Proteção de Dados, or ANPD) - is endowed with technical and decision-making autonomy. It's tasked with overseeing personal data protection measures, investigating and enforcing the LGPD, developing relevant guidelines, and promoting cooperation actions with data protection authorities in other countries. Essentially, this is the LGPD's supervisory authority.
The publication of this decree and the creation of ANPD is a strong indication that Bolsonaro will sign the bill and LGPD will be law, effective immediately. Privacy advocates in Brazil view these motives positively.
As a data privacy platform, our goal is to help you stay compliant with data regulation, no matter where it happens. Security and compliance are critical to your business. Our platform is 100% compliant with Brazil's new data protection legislation and other landmark data privacy laws like GDPR, CCPA, and New York's SHIELD Act. We continuously monitor the data privacy landscape and quickly modify our platform and procedures any time new regulation appears.
If you aren't an Osano user yet, it's essential to understand that this data privacy trend won't stop. As pressure mounts, more countries will enact similar policies. Avoid the expense and hassle of becoming compliant at the last moment by using Osano. Get started today.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.