If your company has customers in Brazil and you collect or process personal data, you need to comply with the Lei Geral de Proteção de Dados (LGPD). If you are already compliant with the GDPR, then you have already done a great deal of the work necessary to comply with LGPD.

Skip introduction and take me to the checklist

LGPD: an introduction

What is the LGPD?

The LGPD is Brazil’s federal data privacy law that governs all personal data processing within the country. It was passed in August 2018 and took effect in August 2020. LGPD empowers individuals inside Brazil with nine enforceable rights over their own personal data.

What is personal data under the LGPD?

The LGPD defines personal data as any kind of information regarding an identified or identifiable natural person. This includes anything from names, addresses, location data, information on physical, genetic, mental, economic, cultural or social facts, as well as online identifiers such as IP addresses, cookies, browser and search history.

Who is required to comply with the LGPD?

Any website, company or organization that processes personal data within Brazil’s territory is required to comply with the LGPD – even foreign data processors. The LGPD has extraterritorial application, meaning that websites anywhere in the world will have to comply with the LGPD if they process personal data from individuals inside Brazil.

How can my website become compliant with the LGPD?

Your website must have a legal basis for processing personal data from individuals inside Brazil. You might need to ask for and obtain the clear and unambiguous consent of its users before legally being allowed to process any personal data, e.g. through cookies and trackers in operation on your website.

Our solution simplifies these requirements for you by allowing you to easily manage consent and log proof of consent for each of your website users.

Want to know more about LGPD?

Check out our blog post: Brazil’s General Data Protection Law

LGPD: A Cookiebot CMP checklist:

This guide is focusing solely on providing the tools needed to make your website’s use of cookies and online tracking compliant with LGPD. Other aspects of the LGPD are therefore not covered or addressed in the checklist.

The checklist is not intended as legal advice - if in doubt, seek advice from a trusted legal source or your Data Protection Authority.

It’s easy to setup your Cookiebot banner for LGPD compliance. Cookiebot uses the same ruleset applied for GDPR to enable your LGPD compliance. As the two rulesets in many aspects are nearly identical, our solution is ready to use out of the box.

Make sure you comply with LGPD by following these simple steps.

First time set up

If you are setting up Cookiebot for the first time, you can select the LGPD preset at the very first step in the lower left portion of the screen.
This will automatically configure the banner to comply with LGPD. You can still make some changes to suit your needs though.

Adding LGPD as an additional legislation

When adding LGPD as an additional legislation, you will need to create a separate domain group that is configured to comply with LGPD.

Follow the following steps to create the additional domain group.

Add a new domain group.
- If you only have a single domain group:
  - Select "Domains & Aliases" from the left-hand menu.
  - Click "Manage your domain groups".
- If you already have multiple domain groups:
  - Click "Manage" at the top of the domain group section of the left-hand menu
- Click the "+ Create group" button.
Name your new domain group "LGPD" and press the "Create group" button.
Click the "Configure CMP" icon on the line with your new domain group.
Click "Legislation presets" at the right side of the screen and select the LGPD preset.
Click the "Save changes" button to save your domain group settings.

Using Cookiebot for LGPD compliance (Cookiebot Admin)