Brazil’s LGPD

Updated on December 17, 2022

What Is The LGPD?


The Brazilian General Personal Data Protection Law 13709/2018 (LGPD) – which came into force in August 2020 – is designed to strengthen personal data protection and establish a structured framework for collecting, processing, using, and sharing (known as “processing operations”) personal data. The LGPD has extraterritorial application and affects both organizations established in Brazil and organizations located outside of Brazil that offer goods or services to individuals located in Brazil.


Like the EU GDPR, the LGPD defines and distinguishes between two types of roles and responsibilities regarding the processing of personal data: “data controller” and “data processor”.


A data controller is in charge of making decisions regarding the processing of personal data, while a data processor processes personal data in the name of the data controller. Akzis is the data processor where it processes personal data solely on behalf of its customers, and is the controller where it processes personal data for its own purposes.


How is Akzis complying with the LGPD?


Akzis is committed to compliance with the requirements of the LGPD where it applies to our data processing activities.


This includes:


  • Adopting security, technical and administrative measures aimed at protecting personal data from unauthorized access or any improper or unlawful processing;
  • Having a dedicated privacy team for monitoring and ensuring that personal data processed by Akzis are protected and that we remain compliant with applicable data protection and privacy regulations;
  • Being transparent and fair in our data processing activities – Akzis’s Privacy Policy thoroughly details how in our capacity as data controller we process personal data and for which purposes; and our Data Processing Addendum sets the terms pursuant to which we process personal data on behalf of our customers, as their data processor;
  • Ensuring that personal data remains protected to the levels which are required under the LGPD even if the personal data is transferred to another country;
  • Having procedures for handling data subject requests, suspected incidents concerning personal data, and regularly conducting privacy training for all relevant members of our staff.


If you have any questions concerning Akzis’s privacy program and our compliance with the LGPD, please feel free to contact our Data Protection Office & Privacy Team here.

Share by: