LGPD vs GDPR Similarities

Introduction

The General Data Protection Regulation Act of 2016 (‘EU GDPR’) and Lei Geral de Proteção de Dados of 2018 (‘LGPD’) both aim to give strong protection for individuals regarding their personal data collected for business use, or share consumer data, whether the information is obtained online or offline.

The European Union General Data Protection Regulation (‘EU GDPR’) is applicable as of May 25th, 2018, in all member states to adopt data privacy laws across Europe. According to this law, it is mandatory requirements for all the businesses operating within EU states to protect the personal data and privacy of the EU citizens for the transactions that occur between different EU member regions. GDPR compliance applies to the processing of personal data totally or notably by automated means of personal data which form part of a filing system or are intended to the filing a system.

Inspired by the European regulation (General Data Protection Regulation – GDPR), the Brazilian General Data Protection Act (in Portuguese, LGPD, Lei Geral de Proteção de Dados) establishes rules on collecting, handling, storing and sharing of personal data managed by organizations. The LGPD provides data subjects with nine rights, defines what constitutes personal data and creates ten legal bases for lawful processing of personal data.

LGPD vs GDPR Similarities

Business LocationLGPD applies to any business or organization that processes the personal data of people in Brazil, regardless of where that business or organization itself might be located. So, if your company has any customers or clients in Brazil, you should begin preparing for LGPD compliance. 

Consumer AccessBusinesses must comply with a customer's request to access their data.

EnsureBoth Brazil and Europe based customers can request companies to delete their personal information from the organizations' database.

Personal data LGPD echoes of the GDPR’s definition of personal data.  Also, LGPD takes a broad view of what data qualifies as personal data, even more expansive than the GDPR.

Data subject rights While the GDPR is known for granting its data subjects eight fundamental rights, they are essentially the same rights the LGPD mentions.

Similar But in Different Ways

Data protection officers

Any organization that processes the data of people in Brazil will need to hire a DPO.

GDPR outlines certain situations when a DPO is required.

Legal basis for processing data

Article 7 of the LGPD lists ten lawful bases for processing and a data controller must choose one of them as a justification for using a data subject’s information. 

The GDPR has six lawful bases for processing and a data controller must choose one of them as a justification for using a data subject’s information. 

Reporting data breaches

The controller must communicate to the national authority and to the data subject the occurrence of a security incident that may create risk or relevant damage to the data subject in a reasonable time period.

No clarification on“reasonable time period”.

An organization must report a data breach within 72 hours of its discovery (although different organizations are already testing that deadline). 

Damages/Fines

The fines under the LGPD are much less severe. Article 52 states that the maximum fine for a violation is
“2% of a private legal entity’s, group’s, or conglomerate’s revenue in Brazil, for the prior fiscal year, excluding taxes, up to a total maximum of 50 million reals”.

GDPR fines are substantial, requiring organizations that commit grave GDPR violations to pay to up to €20 million or 4% of annual global revenue, whichever is higher.

Download free resource on California CCPA, Virginia CDPA, Colorado CPA and CPRA. - Mandatly Inc.

Related Blogs

The Role of Employee Training in GDPR Compliance and Data Security20240205100131

The Role of Employee Training in GDPR Compliance and Data Security - Mandatly Inc.

DSAR Management
Data Subject requests per month	100
Web based intake form	1
Identity verification methods	Manual
Workflow enabled Data discovery and deletion for systems (application, database, website, file system, products etc.)
Automated data discovery and data feeds from systems	Not Included
Secured delivery with configurable expiration days
Standard workflow (configurable) and email integration
Standard notifications and response templates
Reporting and dashboards
Customized workflow and notification
Remove “Mandatly” Branding

Cookie Compliance
Number of Domains (additional cost for multiple domains)	1
Website Scanning (Pages and sub-domains)	Upto 50 pages
Periodic scanning	Manual
Cookie categorization	Automatic
Predefined banners and layouts
Configurable banners and layouts
Configurable consent categories
Unlimited consent records	upto 50000
Multiple language support
Remove “Mandatly” Branding

Data Inventory
Data Asset (application, database, website, file system, products etc.)	25
Processing activites	100
Pre-built data inventory assessment templates
Auto risk detection
Data elements (Predefined and custom)
Standard workflow (configurable), e-mail Integration and notification
Standard notifications and response templates
Reporting and Dashboard
Create you own data inventory assessment templates, Set up risk rules and alerts
Custom workflow and notification
API integration with external systems
Remove “Mandatly” Branding

Intelligent Assessment
Assessments on Processing activities and Data Sources (Application, Database, Website, Manual, Products etc.)	50
Standard Assessment templates (PTA, PIA/DPIA, PbD)
Configure your own assessments and setup up risks and alerts
Integration with Data Inventory to link data sources and processing activities (RoPA)
Standard Workflow, Notification and Email Integration
Reporting and Dashboard
Custom workflow and notification
Risk assessment and Mitigation
Remove “Mandatly” Branding

DSAR Management
Data Subject requests per month	Unlimited
Web based intake form	10
Identity verification methods	Manual Email Verification
Workflow enabled Data discovery and deletion for systems (application, database, website, file system, products etc.)
Automated data discovery and data feeds from systems	Upto 2 systems
Secured delivery with configurable expiration days
Standard workflow (configurable) and email integration
Standard notifications and response templates
Reporting and dashboards
Customized workflow and notification
Remove “Mandatly” Branding

LGPD vs GDPR Similarities

Introduction

LGPD vs GDPR Similarities

Similar But in Different Ways

Data protection officers

Legal basis for processing data

Reporting data breaches

Damages/Fines

Related Blogs

The Role of Employee Training in GDPR Compliance and Data Security

Explore the Link Between Cybersecurity and GDPR Compliance

International Data Transfers: Understanding Legal Frameworks

EU-U.S. Data Privacy & GDPR: A Symbiotic Bond

PIA Software: Streamlining Privacy Impact Assessments

Getting Started with Privacy Impact Assessment (PIA) Software

LGPD Compliance: Checklist & Best Practices

Brazilian Data Protection Law (LGPD)

Brazils’ LGPD Compliance Guide You Must Read

Key GDPR Compliance Privacy Software Features

General Data Protection Regulation (GDPR)

Understanding the 7 Foundational Principles of Privacy by Design

How to comply with GDPR Cookie Compliance?

How to comply with GDPR regulation?

Nigeria NDPR vs Europe GDPR : Similarities & Differences

PIPEDA vs GDPR: Key Similarities & Differences

EU GDPR Compliance for Small Business Owners

GDPR vs CCPA: Key Differences and Similarities

Free

Basic

Professional

Enterprise

Get a Free Demo of Mandatly's

Data Inventory
Data Asset (application, database, website, file system, products etc.)	100
Processing activites	1000
Pre-built data inventory assessment templates
Auto risk detection
Data elements (Predefined and custom)
Standard workflow (configurable), e-mail Integration and notification
Standard notifications and response templates
Reporting and Dashboard
Create you own data inventory assessment templates, Set up risk rules and alerts
Custom workflow and notification
API integration with external systems
Remove “Mandatly” Branding