- Trust Center Overview
- Compliance
- Compliance Center
- Country/Region-specific Guidance
- Brazil
- Brazil General Data Protection Act (LGPD)
Frequently asked questions about Brazil LGPD
Frequently asked questions about Brazil LGPD
-
What laws, regulations, and regulatory requirements on data protection require special attention in Brazil?
Brazil's General Data Protection Act (LGPD) is a comprehensive law on the protection of personal data, which regulates the processing of personal data by natural persons and other legal entities governed by public or private law, including personal data processed through digital media. Its purpose is to protect the fundamental rights of freedom and privacy and the free development of the personality of natural persons. The Brazilian LGPD is not limited to Brazil, but applies to any person, group or institution that processes data, provides goods or services to individuals in Brazil, or collects personal data in Brazil. The law was officially signed on 14 August 2018 and entered into force on 18 September 2020.
The Brazilian National Data Protection Authority (ANPD) is responsible for implementing and supervising the implementation of LGPD.
In 2024, ANPD issued the Security Incident Reporting Regulations, which further clarify that if a security incident seriously affects the interests and fundamental rights of data subjects, it may cause related risks or damage to data subjects. The controller is required to report a security event to the ANPD within 3 working days of becoming aware of the security event. The "Procedures and Rules Applicable to the International Transfer of Personal Data" issued in the same year aims to ensure the secure and transparent international transfer of personal data in Brazil, along with officially certified standard contractual clauses.
Huawei Cloud has issued a white paper, HUAWEI CLOUD Compliance Instruction with Brazil LGPD, which shares our experience and practices in privacy protection and describes how we can help you comply with LGPD requirements.
-
What is the scope of Brazil’s LGPD?
The LGPD is applicable to any individual, group, or institution that processes data in Brazil, provides goods or services to individuals in Brazil, and collects personal data in Brazil.
-
Where is my content data stored?
Huawei Cloud has data centers in multiple regions around the world, including Asia, Europe, and the Americas. Data centers in each region are physically isolated. You can choose a region to deploy your services. For example, if you choose a regional site in Brazil, your content data will be stored in the Brazil-based data center. Huawei Cloud will not transfer your content data to other regions without your explicit consent, or unless other legal obligations are presented.
If you need Huawei Cloud's assistance in the cross-border transfer of content data that contains personal data, contact and authorize Huawei Cloud. Huawei Cloud will transfer the data according to your authorization.
-
As a customer of Huawei Cloud, what is required of me under Brazil’s LGPD?
Since you have full control over your content data, you should correctly identify all personal data on the cloud, use appropriate services, and develop security and personal data protection policies to ensure personal data security. In addition, you can use multiple privacy protection services provided by Huawei Cloud to strengthen personal data protection. For details, see section 2.3 in Huawei Cloud Compliance with Brazil LGPD.
-
How can Huawei Cloud help me comply with Brazil’s LGPD?
Huawei Cloud has conducted in-depth analysis of Brazil's LGPD requirements to help you understand the different roles and responsibilities that you and Huawei Cloud have. In addition, Huawei Cloud provides a range of services that help you meet privacy protection requirements based on your service requirements. For details, see Huawei Cloud Compliance with Brazil LGPD.