Brazil’s new data protection regulation will come into force in August 2020. The General Data Protection Law (LGPD in Portuguese), which adopts best practices on transparency, legal certainty, and efficiency, will make a difference in how companies in Brazil operate. The legislation has an extraterritorial application, meaning the law applies to any individual or organization, public or private, that collects or processes personal data in Brazil – regardless of where that organization is based. It also applies to organizations that intend to offer services to individuals in Brazil. What are the three keys to understanding the new law?