DPDP Act VS DPDP vs Brazil's LGPD: Emerging Market Data Protection
India and Brazil are BRICS nations with comprehensive data protection laws. Compare DPDP Act 2023 with Brazil's LGPD — consent, enforcement, penalties, and children's data.
DPDP vs LGPD: Two Emerging Market Approaches
India’s DPDP Act 2023 and Brazil’s Lei Geral de Proteção de Dados (LGPD, 2020) represent how the world’s large emerging economies are tackling data protection. Both were inspired by GDPR but adapted for their national contexts.
Comparison Table
| Feature | DPDP Act 2023 (India) | LGPD (Brazil) |
|---|---|---|
| Legal bases | Consent + legitimate use | 10 legal bases including legitimate interest |
| Scope | Digital personal data only | All personal data (digital + physical) |
| Sensitive data | No separate category | Defined categories (health, race, religion, etc.) |
| DPO requirement | SDFs only | Required for all controllers |
| Max penalty | ₹250 Crore (~$30M) | 2% of revenue, capped at R$50M (~$10M) per violation |
| Children’s age | Under 18 | Under 12 (with specific consent requirements) |
| Enforcement | Data Protection Board | ANPD (National Data Protection Authority) |
| Data portability | Not explicit | Explicit right included |
| International transfer | Blacklist model | Adequacy decisions, standard clauses, or specific consent |
What Businesses Can Learn
Brazil’s LGPD enforcement experience since 2020 offers lessons for Indian companies preparing for DPDP. Brazil’s ANPD has issued practical guidance on consent, security incidents, and small business exemptions that mirror issues DPDP will likely address through rules and DPB decisions.
Confused by the differences?
Dual compliance is tricky. Our experts can help you navigate both DPDP vs Brazil's LGPD: Emerging Market Data Protection and DPDP requirements.
Book Strategy Call