The Brazilian Constitution protects the private life of the individual as a fundamental right. In the past, this was given effect by a sectoral regulation on privacy, data protection, and cybersecurity matters. In August 2018, Congress passed legislation to change the data protection regime in Brazil (LGPD), which will become effective on August 16, 2020. The LGPD is influenced by the GDPR and regulates the use of personal data in Brazil. It applies to data processing operations carried out by individuals and legal entities, both public and private, regardless of their location or the location of the data and regardless of the means of data processing. However, personal data collection and data processing must occur in Brazil. Processing must also be aimed at providing goods or services to individuals located in Brazil. There are exceptions for processing operations carried out by individuals for private and non-economic purposes; for journalistic, artistic or academic purposes; for public security or national defense purposes; or for the purposes of criminal investigations and prosecutions. Processing operations involving personal data originating from other countries, or for other countries, where the data only passes through Brazil without any other processing operation carried out, are also not subject to the LGPD.