Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) Compliance

Americas Map


Active now

Brazil – General Data Protection Law (LGPD)

Thales eSecurity can help organizations comply with Brazil’s LGPD and avoid fines and breach notifications through best practice data security, including:

  • Anonymizing personal data
  • Controlling access to sensitive data
  • Monitoring and logging all data access

Brazil’s General Data Protection Law (LGPD) was passed August 14, 2018, and goes into effect in 2020.

According to Article 1 of the law itself:

This Law provides for the processing of personal data, including by digital means, by a natural person or a legal entity of public or private law, with the purpose of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.

Wherever you operate and whatever the regulation, you can rely on Thales to help manage your risk. Thales eSecurity can help your organization comply with many of the requirements of LGPD.

Best Practices

Brazil’s General Data Protection Law (LGPD) requires best practice in data security for personal data and notes that personal data that has been anonymized is no longer considered to be within the scope of the law, if it cannot easily be returned to its original state by those who might obtain it.

Best practice for data security always includes:

  • Encryption or tokenization of the data
  • Protection and management of the keys used to encrypt the data
  • Control of user access to the data
  • Logging of data access events

Thales eSecurity has years of experience helping organizations implement these best practices, which will be necessary to comply with LGDP.

Encryption and Tokenization

Encryption of Data at Rest: Vormetric Transparent Encryption

Thales eSecurity’s Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.

Vormetric Tokenization with Dynamic Masking

Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates, such as LGPD. The solution delivers capabilities for database tokenization and dynamic display security. Enterprises can efficiently address their objectives for securing and pseudonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.

Vormetric Application Encryption

Vormetric Application Encryption delivers key management, signing, and encryption services enabling comprehensive protection of files, database fields, big data selections, or data in platform-as-a-service (PaaS) environments. The solution is FIPS 140-2 Level-1 certified, based on the PKCS#11 standard and fully documented with a range of practical, use-case based extensions to the standard. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution, with development options including a comprehensive, traditional software development kit for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.

Encryption Key Management: Vormetric Integrated Key Management

Thales eSecurity’s Vormetric Integrated Key Management unifies and centralizes encryption key management on premises and provides secure key management for data storage solutions. Cloud Key Management products include the CipherTrust Cloud Key Manager for centralized multi-cloud key life cycle visibility and management with FIPS-140-2 secure key storage, and Cloud Bring Your Own Key.

User Access Control: Vormetric Data Security Manager

Thales eSecurity’s Vormetric Data Security Manager enables the organization to limit user access privileges to information systems that contain sensitive Information.

Database Access Logging: Security Intelligence Logs

The Vormetric Platform’s Security Intelligence Logs let your organization identify unauthorized access attempts and to build baselines of authorized user access patterns. Vormetric Security Intelligence integrates with leading security information and event management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data needed to build behavioral patterns required for identification of suspicious use by authorized users, as well as training opportunities.

Compliance Brief : Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados - LGPD)

The LGPD creates a new legal framework for the use of personal data in Brazil. The LGPD will have transversal, multi-sectoral application to all sectors of the economy, both public and private, online and offline. With few exceptions, such as national and public security; pure research, artistic and journalistic purposes; any practice that process personal data will be subject to the law. If your company processes personal data in Brazil, read this brief to understand how Thales eSecurity can help you comply with this brand new legislation.


Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail


Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More


Americas Map Thumbnail


Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More


Americas Map Thumbnail


Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook
Visionner notre démo interactive Explorer
Programmer une démo en direct Programmer
Entrer en contact avec un spécialiste Nous contacter