Skip to main content

LGPD guide

Brazil's Lei Geral de Proteção de Dados (LGPD) is the country's general data protection law, similar in structure to the European GDPR. If your website serves visitors in Brazil, the LGPD likely applies to you.

Who's affected

The LGPD applies if your business processes personal data and any of these are true:

The processing happens in Brazil.

The processing is intended to offer goods or services to people in Brazil.

The data being processed was collected in Brazil.

In short, if you have Brazilian visitors, the LGPD likely applies.

What the LGPD expects

A few rules that matter most for cookies and tracking:

A lawful basis for processing. Consent is one of ten lawful bases. For cookies that aren't essential, consent is usually the right fit.

Consent must be specific and informed. Visitors must understand what they're agreeing to and have the freedom to refuse.

Visitors can withdraw consent. Just as easily as they gave it.

Visitors have rights to access, correct, and delete their data.

A record of processing activities. Including the consent decisions you've collected.

The LGPD looks very similar to the GDPR in practice, so the same setup serves both regions well.

How One Privacy helps

Opt-in banner. Accept All, Reject All, and Manage Settings clearly visible. Visitors decide before any non-essential cookie runs. See Visibility settings.

Granular categories. Visitors can accept some categories and reject others. See Cookie settings popup.

Easy withdrawal. The floating button lets visitors reopen and change their preferences any time. See Floating cookie settings button.

Multilingual support. Add Portuguese (and any other language your audience speaks) so the consent experience feels native. See Multilingual banners.

Complete audit trail. Every consent decision is recorded with timestamps and category states. See Consent audit overview.

Geo-aware targeting. Show a Brazil-specific banner if you want to localize the experience. See Creating a geo rule.

What's still on you

One Privacy handles the consent layer. To round out LGPD compliance, your business also needs:

A way for individuals to exercise their rights (access, deletion, portability).

A documented data protection officer (DPO) if you process large amounts of personal data.

Procedures for breach notification to the Brazilian Data Protection Authority (ANPD) and affected individuals.

Your legal team can help with these pieces.

What's next

GDPR guide.

Multilingual banners.

Creating a geo rule.

Cookie categories explained.