IBM Cloud® compliance: LGPD (Brazil)
Graphic showing two people standing on platforms, with one person looking at a map and the other at a security shield
What is LGPD?

The Brazil General Data Protection Law,  (Lei Geral de Proteção de Dados LGPD), came into force on September 18, 2020. The LGPD is modeled closely after the European Union's General Data Protection Regulation (GDPR) and, like the GDPR, governs how individuals and companies collect, use and otherwise process personal data.

The LGPD applies to the processing of personal data by an individual or company if:

  • The processing is carried out in Brazil, or
  • The purpose of the processing is to (i) offer or supply goods or services to individuals located in Brazil, or (ii) process personal data of individuals located in Brazil
  • The personal data is collected in Brazil
IBM position

IBM has implemented a process to review all its products, offerings and services against LGPD requirements. IBM believes thats its standard technical and organization measures are appropriate and proportionate to manage the risks posed to the security of network and information systems as required by the LGPD. 

To reference the laws or jurisdictions to which the IBM Data Protection Addendum applies, please visit the IBM DPL. The IBM DPA can be found on the IBM Terms site

For more information on IBM data privacy policies, please visit the IBM Trust Center.  If you have further questions regarding IBM privacy policy for external offerings, you can contact IBM helpdesk.
Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

 See more compliance programs