Iubenda logo
Start generating
Google Badge
The easiest way to get Google Consent Mode. Start measuring Google Analytics traffic and Google Ads conversions even when the consent banner is rejected.
Set up Google Consent ModeSet up Google Consent Mode

LGPD compliance for your site, app and business

The LGPD is Brazil's new General Data Protection Law. Thought to be inspired by the GDPR, it also differs in several important ways. The law places new requirements on businesses, and therefore new legal and technical burdens as well. Compliance can be complicated — figuring out the right way to make both legal and technical specifications work for your site and business can be incredibly challenging. Our compliance solutions do the heavy legal and technical lifting so that you can focus on growing your business.

Read all about the LGPD in our detailed guide

Start generating

LGPD target shield icon

Does the LGPD apply to you?

The LGPD applies in two scenarios:

If your processing activities fall within either category, then the law applies to you.

What's required for LGPD compliance

LGPD world icon

Detailed disclosures via Privacy Policy

Requirement

Under the LGPD, companies must include specific disclosures about their processing of user data in their privacy policies. This information must be made available in a clear, adequate, and notable manner, and should be easily accessible throughout your website/app.

Invalid document icon

Policies are invalid if they're missing the right information

In order to be compliant, your policy must at the very least contain:

  • the specific purpose of the processing;
  • the type of processing and the duration of the processing;
  • the identity and contact details of the data controller;
  • information about who the data is shared with and why;
  • the responsibilities of any processors or agents that will carry out the processing;
  • the applicable user rights and how they can be exercised.

Read more about user rights under the LGPD

Solution
Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

With one-click activation for displaying LGPD related language, disclosures, and instructions, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app. All our policies are customizable from 2000+ clauses, available in 14 languages, crafted by our lawyers and automatically updated if the law changes.

Explore
Desktop cookie banner

Display a cookie banner and block cookies before consent

Recommended

If you operate in Brazil or have Brazilian users, it’s recommended to display a cookie banner and to ask your users’ consent before installing any non-technical cookies.

Solution
Cookie Solution icon

Privacy Controls and Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, CPRA (CCPA amendment) and LGPD. Integrated with the IAB TCF and CCPA Compliance Framework.

Our solution allows you to display a fully customizable cookie banner/consent banner, collect cookie consent, implement prior blocking (including auto-blocking), set advertising preferences, and more.

Explore
Desktop cookie banner

Valid records of the Consent you collect

Requirement

Like the GDPR, the LGPD establishes certain rules for how consent must be collected. In order to make your forms LGPD compliant - regardless of how many users you have - consent must be "free, informed and unambigious". This means that your contact, newsletter and registration forms must clearly state your intentions, link to your privacy policy, and collect opt-in consent for different activities.

Under the LGPD the burden of proof to demonstrate valid consent lies with you. In order to comply, you're required to keep records of consent that prove consent was collected in a legally compliant way.

Solution
Consent Solution icon

Consent Database

Our Consent Database hooks onto your web-forms to let you automatically pass consumer preference details like opt-out via API to a centrally managed visual consent dashboard.

Our solution lets you record all relevant aspects of the consent collected including:

  • user details like id, email and IP address;
  • date and time of opt-in or opt-out;
  • whether or not the consent was verified via double opt-in;
  • document version available to the user at the time of opt-in (e.g. privacy policy, terms and conditions); and
  • the means by which the consent was collected (e.g. details of the web form).
Explore

Up-to-date records of your data processing activities

Requirement

Under the LGPD, it is mandatory that you keep records of your data processing activities — regardless of the size of your business, how often you process data or the nature of the processing you do.

User icon Plus icon Cursor icon
Checkmark empty icon Checkmark checked icon
Checkmark empty icon Checkmark checked icon
Cursor icon
Pencil icon Paper icon
Earth icon Shield icon
Solution
Internal Privacy Management icon

Register of Data Processing Activities

Our Register of Data Processing Activities lets you easily create, manage and maintain records of your data processing activities, so that you can meet mandatory LGPD requirements.

The solution records:

  • security details such as which members of your organization has access to user data;
  • any registered processors or operators processing data on your behalf;
  • manually added purposes for the processing;
  • which legal basis apply to particular processing activities,
  • data collection methods and more.
Explore
Fine risk icon

Penalties and fines for LGPD non-compliance

The legal consequences for non-compliance can include fines of 2% of your company’s annual turnover – up to BRL 50 million (currently roughly €8M or US$9M) – per violation. Not all LGPD infringements lead to fines: sanctions may include official reprimands, periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists), suspended databases, and liability damages.

More about consequences of LGPD non-compliance

Trusted by over 130,000 clients in 100+ countries

Armani hotel Milano logo
Peuterey logo
Mitsubishi logo
Save the Children logo
Lamborghini logo
Ryanair logo
Last Minute logo
MaxMara logo
Criteo logo
Etro logo
Honda logo
Sony Music logo
Siemens logo
Treedom logo
WWF logo
Unicef logo
Mailboxes logo
Virgin logo
Victorias Secret logo
Capterra rating

“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”

Start generating

TRY BEFORE YOU BUY or STAY WITH THE FREE OPTION

3039889 self-updating documents already generated

FAQ

What is personal data under the LGPD?

Personal data under the LGPD is any information that relates to an identified or identifiable living person. This includes details that, when collected together, can lead to the identification of a person, like (but not limited to) name, IP address or personal email address.

More on personal data under the LGPD

How does LGPD differ from GDPR?

The LGPD can be considered as Brazil's answer to the GDPR – with the Brazilian law aligning with the European Regulation in many ways, while differing in others, like the 10 legal bases.

More about LGPD vs GDPR

Documentation and Guides

See all Guides

All our products are WCAG Level AAA Compliant

Level AAA conformance, W3C WAI Web Content Accessibility Guidelines 2.1

A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps

Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 2000+ clauses, available in 14 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Explore
Cookie Solution icon

Privacy Controls and Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, CPRA (CCPA amendment) and LGPD. Integrated with the IAB TCF and CCPA Compliance Framework.

Our solution allows you to display a fully customizable cookie banner/consent banner, collect cookie consent, implement prior blocking (including auto-blocking), set advertising preferences, and more.

Explore

Compliance for your organization

Consent Solution icon

Consent Database

Collect GDPR & LGPD consent, document opt-ins and CPRA (CCPA amendment) opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Explore
Internal Privacy Management icon

Register of Data Processing Activities

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.

Explore