Learn how the LGPD will impact your business

The new regulation requires a multidisciplinary approach to ensure the best information privacy management

See how we can support your company in this journey.

What is the Brazilian General Data Protection Act?

Inspired by the European regulation (General Data Protection Regulation - GDPR), the Brazilian General Data Protection Act (in Portuguese, LGPD, Lei Geral de Proteção de Dados) establishes rules on collecting, handling, storing and sharing of personal data managed by organizations. The legislation is part of the Brazilian context of progressive adaptation to the best global data management practices and it covers all companies that offer services or have operations involving data handling in Brazil.  

With the presidential approval, in August 2018, companies will have until 18 months to adjust to the new rules. Companies that violate the new law will be subject to the application of fines that can reach up to 2% of the organization's revenue, with a limit of R$50 million per violation.

In addition to securing individual rights, the LGPD aims to encourage the sustainable development of the economy and the businesses, based on the best international practices.

In addition to establishing new compliance standards, organizations can leverage the LGPD for obtaining a competitive advantage in the use of such data, with a correct planning and the application of good privacy practices.

Read more about the Brazilian General Data Protection Act?

Our solutions

Deloitte has a multidisciplinary team to provide integrated solutions and support organizations in adapting to the new legislation, as well as in the resolution of possible incidents.

See examples of how Deloitte can help your business to address this challenge:


The Deloitte Cyber from Risk Advisory area has developed a six-step program to support companies in structuring and implementing a robust compliance plan for the LGPD and the GDPR:

  • Strategy: determines the general approach for a privacy program, in synergy with the company’s reality;
  • Organization and responsibility: defines the structure that will deal with privacy issues as well as the roles and responsibilities of those involved;
  • Policy, process and data: ensures the effective protection, management and use of data, aligned with the company's strategy;
  • Communication, training and awareness: creating an internal communication campaign to ensure that employees know and follow the defined rules;
  • Privacy operations: inserts the subject in every project of the organization, through clear guidelines (privacy by design), as well as systems’ assessments following the Privacy Impact Assessment (PIA) method. It also covers guidelines for audit and researches on privacy certification seals;
  • Processing inventory: a key element in any privacy program, it is a mandatory requirement of the LGPD and the GDPR.

Six-step compliance plan for the LGPD


While cybersecurity acts in the prevention, the Deloitte Forensics front helps to reconstruct the facts and draw up effective measures in case of incidents in the digital environment, such as data leakage.

Computer forensic methodology


André Gargaro

André Gargaro

Deloitte Cyber leader

With more than 25 years of experience in corporate risk management, promoting transformations in projects of resilience and cyber. André Gargaro leads Deloitte Cyber in Brazil and is also responsible ... More

Márcia Ogawa

Márcia Ogawa

Leader of Technology, Media & Telecommunications

Leader of Deloitte in Brazil to assist technology, media and telecommunications companies.... More

Marcelo Farias

Marcelo Farias

Deloitte Cyber partner

With more than 20 years of experience, he is a Deloitte Cyber partner, focusing mainly on cyber projects in the energy, telecommunications and financial sectors.... More