Lei Geral De Proteção De Dados Pessoais (LGPD)

Salesforce solutions for LGPD implementation

Key Considerations

Brazil’s Lei Geral de Proteção de Dados brings requirements similar to GDPR. See if they impact your Salesforce.

A snapshot of Cloud Compliance's Enterprise Data Inventory showing a list of DI Systems including Salesforce, NetSuite, and others

Discover Personal Data

Article 5, 37-40, 42, 43

Data Inventory and Classification

Track and inventorize Personal Data across your enterprise. Document data collection and movement both for internal and to 3rd parties.


Assess your organization’s posture for LGPD compliance, identify gaps, and mitigate risks. Use our pre-built templates or create custom assessments for your unique requirements.

Automate Privacy Rights

Article 5, 6, 9, 10, 14, 17, 18, 19, 20

Data Subject rights for Access, Correct, Anonymize, Portability, Deletion, and others, Self-serve Privacy center

Enable branded self-service request portal for common Data Subject Access Requests (DSAR) for seamless customer care.

 

Simplify the logging of DSARs, verification process, generation, and delivery.

 

Support multiple regulatory requirements, such as offering different Portability documents for LGPD vs GDPR.

Screenshot of a privacy portal setup tool interface from Cloud Compliance
Consent Management interface showing customer support, product recall

Manage Consent​

Article 8-10, 15, 18

Manage Opt-in/Outs, Consent, and Communication Preferences

Obtain and track Consent to ensure data processing is in compliance with privacy laws. Cloud Compliance offers a full lifecycle including a self-service capability.


Manage Communication Preferences and consent in a centralized repository to avoid Consent fragmentation.


Integrate consent and communication preferences with Salesforce, Marketing, and other systems.

 

Minimize Personal Data

Article 12, 15

Data Retention - Automated anonymize and delete

Minimize data for LGPD compliance and limit breach exposure by reducing your data footprint.

 

Automate retention policy enforcement in Salesforce with precise control on removing personal information.

 

Free up Salesforce storage or preserve reporting and others with the flexibility to Delete or Anonymize records.

Screenshot of a data selection interface with a 'Welcome' banner and 'Step 1' indicating the process stage
GDPR Privacy Terms Content Management Interface

Manage Policy and Notices

Article 8, 9

Data Processing Notices and disclosure

Manage and update policies in Salesforce for multiple regulations, countries, and languages.

 

Disclose privacy notices across websites, mobile apps, and others. Securely collect audit-ready proof of acceptance during customer onboarding and other business processes.

Mask Sandbox Data

Article 12, 15

Pseudonymize or Anonymize Personal Data to prevent Sandbox induced Data Breach

Protect your organization by masking or erasing sensitive data in your sandboxes.

 

Automate common tasks and sandbox readiness to ensure data hygiene and business usability of data while staying compliant with LGPD security measures for data processing.

Workflow diagram for data preparation with stages: Sandbox Refresh, Data Masking, Post-refresh Automation, and Ready for use.

Why Compliance Matters

Ethics

Your customer’s privacy is more than a compliance initiative. Privacy is a basic human right that your organizational ethos should align with.

Embarrassment

Privacy violations are magnified disproportionately in social media. Bad publicity impacts your company’s leadership, stock price, and financials.

Fines

Many organizations have been penalized for their privacy oversights. Regulatory authorities are scaling up faster than the time you may need to design compliance policies.

Trust

Building trust in a digital world is difficult enough. Erosion of trust due to unsavoury privacy incidents can permanently damage your business.

Frequently asked questions

What is LGPD?

Lei Geral de Proteção de Dados Pessoais (LGPD), or General Personal Data Protection Law (Brazil), is a statutory law on data protection and privacy in the Federative Republic of Brazil which came into effect on September 18, 2020.


Its goal is to safeguard and protect the personal data privacy of individuals in Brazil. The LGPD provides provisions and requirements related to the processing of the personal data of individuals in Brazil.

Does LGPD apply to me?

If your organization offers goods and services in the jurisdictions or processes personal data in Brazil region, then yes, LGPD will apply to you, irrespective of where your organization is physically located or registered.

 

Does LGPD apply to Non-profits?

Yes. LGPD applies to For-profit & Non-profits entities.

 

How can I make sure that my Salesforce is LGPD compliant?

CRM systems such as your Salesforce Org may contain the personal data of your prospects, customers, employees, and partners. To ensure GDPR compliance, you can standardize, automate and enforce GDPR-specific requirements with Cloud Compliance’s Apps available from AppExchange.


Some common use cases where Salesforce customers use our Apps include:

  • Generate a personal data inventory and conducting Data Protection Impact Assessments (DPIA) (Use our Personal Data Discovery)
  • Automate Data Portability, Right To Be Forgotten (RTBF), and other Subject Access Requests (SAR) (Use our Privacy Rights Automation)
  • Mask Sandbox Data to Enforce Data Security (Use our Sandbox DataMasker)
  • Drive transparency and audit-readiness in your privacy disclosures (Use our Policy & Notice Management)
  • Solve consent fragmentation with an enterprise-wide consent and communication preference repository in your Salesforce org (Use our Consent Management)
  • Orchestrate processing of RTBF & portability DSARs across all Salesforce Orgs (Use our MOPS Hub).
What’s the difference between GDPR and LGPD?

GDPR is the framework legislation of Europe while LGPD is the framework legislation of Brazil.

 

The essence of both these laws is the same – to protect the data privacy of their respective constituents. GDPR applies to EU residents, while LGPD applies to residents in Brazil.

Both these laws have their differences and similarities in terms of enforcement.