Fintech Market Overview

This article does not constitute legal advice.

Data protection in Brazil

Fintech Software

Law No. 13,709/2018 (the Brazilian General Data Protection Law (LGPD)), grounding upon international instructions and legislation, primarily, the EU General Data Protection Regulation (GDPR), was put into force in September 2020. The LGPD is applicable to any personal data processing procedures, no matter whether they are carried out by public or private entities, in the online and offline modes, applying automated and non-automated instruments. That’s why it is actual for activities of fintech bodies engaged personal data processing.1

Personal data protection legislation has been significantly modified in Brazil. For instance, the LGPD, which regulates processing of personal data by public and private entities in online and offline modes applying automated and non-automated instruments, was put into force in August, 2018. The Law was grounded upon international benchmarks, especially the ones provided by the EU GDPR, and became valid in September 2020.1

Nowadays, there are several legal provisions Brazil that are coping with various segments of privacy and data protection. They are, for instance, intimacy, private life, honor, image and secrecy of correspondence, bank operations and communications. These provisions are parts of the Federal Constitution, the Civil Code, the Consumer Protection and the Defense Code, the Banking Secrecy Law, the Brazilian Internet Act and the Criminal Code. Nonetheless, the LGPD is the first multifactorial law in Brazil aimed at focusing on personal data protection. In general, its applicability has no limitations by particular segments of agents and subjects or types of processing.1

The LGPD has provided for standards and stipulated noticeable definitions within Brazilian data privacy legislation, e.g., personal data, sensitive personal data, anonymized data, data controller and data processor. Surrounding data processing, including compliance with a legal or regulatory obligation, the fulfilment of a contractual or legal responsibilities and the controller's legally grounded interest, as well as identifying the details on how the user's permission must be obtained to legalize personal data processing are also included into the regulative environment.1

The LGPD also tackles the issues concerning international transfer of personal data, rules on liability, data breach and penalties related to the violation of data privacy rights. The effects of the LGPD extend to any processing of personal data carried out or collected within the Brazilian territory or made with the purpose of offering or supplying goods or services to individuals located within the Brazilian territory.1

The LGPD also stipulates the provisions regulating building up of the Brazilian National Data Protection Authority (ANPD).1

Cross-border payments in Brazil

Fintech in Brazil

Fintech in other countries

  1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/brazil
Offer for startups

Fast start for $5K

You can launch your platform by paying $5000 initially and the rest after 6-12 months if your business grows