Fluid Attacks Database

LGPD

Last updated: 2023/09/18

The Brazilian General Data Protection Law (LGPD) can be considered as Brazil's answer to the GDPR —with the Brazilian law aligning with the European Regulation in many ways, while differing in others. The LGPD aims at creating a new legal framework for the use of personal data in Brazil, both online and offline, in the private and public sectors. Last Update: October 2020.

Control-Requirement Mapping

Definition	Requirements
9. Requirements for the Processing of Personal Data	315. Provide processed data information
16. Termination of Data Processing	183. Delete sensitive data securely 317. Allow erasure requests 360. Remove unnecessary sensitive information
19. Data Subjects Rights	314. Provide processing confirmation
20. Data Subjects Rights	316. Allow rectification requests
26. Rules	189. Specify the purpose of data collection 331. Guarantee legal compliance
46. Security and Secrecy of Data	114. Deny access with inactive credentials 341. Use the principle of deny by default 095. Define users with privileges 096. Set user's required privileges
51. Good Practice and Governance	331. Guarantee legal compliance
60. Final and Transitional Provisions	183. Delete sensitive data securely 312. Allow user consent revocation 317. Allow erasure requests 360. Remove unnecessary sensitive information
7_I. Requirements for the Processing of Personal Data	310. Request user consent
7_II. Requirements for the Processing of Personal Data	331. Guarantee legal compliance
7_III. Requirements for the Processing of Personal Data	314. Provide processing confirmation
7_VI. Requirements for the Processing of Personal Data	315. Provide processed data information 331. Guarantee legal compliance
7_X-3. Requirements for the Processing of Personal Data	261. Avoid exposing sensitive information 315. Provide processed data information 045. Remove metadata when sharing files
7_X-5. Requirements for the Processing of Personal Data	315. Provide processed data information
7_X-7. Requirements for the Processing of Personal Data	315. Provide processed data information
8-2. Requirements for the Processing of Personal Data	311. Demonstrate user consent
8-4. Requirements for the Processing of Personal Data	315. Provide processed data information
8-5. Requirements for the Processing of Personal Data	312. Allow user consent revocation
8-6. Requirements for the Processing of Personal Data	262. Verify third-party components 318. Notify third parties of changes
9_VII-2. Requirements for the Processing of Personal Data	301. Notify configuration changes 310. Request user consent 318. Notify third parties of changes
11_I. Processing of Sensitive Personal Data	310. Request user consent
14-1. Processing of Children and Adolescents Personal Data	310. Request user consent
14-2. Processing of Children and Adolescents Personal Data	314. Provide processing confirmation 315. Provide processed data information
15_I. Termination of Data Processing	360. Remove unnecessary sensitive information
15_III. Termination of Data Processing	312. Allow user consent revocation
18_I. Data Subjects Rights	314. Provide processing confirmation
18_II. Data Subjects Rights	085. Allow session history queries
18_III. Data Subjects Rights	316. Allow rectification requests
18_IV. Data Subjects Rights	322. Avoid excessive logging 360. Remove unnecessary sensitive information
18_VI. Data Subjects Rights	310. Request user consent 317. Allow erasure requests
18_IX. Data Subjects Rights	312. Allow user consent revocation
19_II-1. Data Subjects Rights	227. Display access notification 229. Request access credentials
23_I. Rules	315. Provide processed data information 095. Define users with privileges

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.