Brazil · LAI & LGPD

Access and data protection for Brazil, in one platform

AccessPoint manages LAI access-to-information requests and LGPD data-subject requests, breach notifications, and impact assessments — pre-configured for Brazil, Portuguese-first, and running inside your own Microsoft 365 tenant.

Brazil at a glance

Response deadline
Immediate where possible, otherwise 20 days (LAI, art. 11)
Extensions
A further 10 days with express written justification
Fees
Access is free — only the cost of reproduction may be charged
LGPD data-subject rights
Access and correction (art. 18), with a full declaration within 15 days (art. 19)
Oversight
CGU for LAI appeals; the ANPD for data protection (fines up to R$50 million per infraction)
Languages
Portuguese, extensible to other languages

Built for Brazil

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

LAI request lifecycle

Intake to decision on LAI's clock — immediate access where the information is at hand, otherwise 20 days plus a justified 10-day extension — with grounds for refusal, classification levels, reproduction-cost estimates, and a defensible record, all built on Microsoft 365.

The LAI appeal ladder

Track appeals up the statutory ladder — to the immediately superior authority, then to the Controladoria-Geral da União — each with its own clock, an investigation workspace, and a guided path to disposition.

LGPD requests and assessments

Run data-subject access and correction requests under article 18, with the full declaration inside the 15-day window, plus the impact reports LGPD expects — on a guided questionnaire engine with an embedded risk register and a regulator-ready export.

Breach notification to the ANPD

Log a security incident, assess the risk of relevant harm, and get a live checklist of what must be reported to the ANPD and to affected data subjects — within three business days of becoming aware, under Resolution CD/ANPD nº 15/2024.

Portuguese-first

Every interface element, notice, letter, and template is available in Portuguese out of the box, and extends to other languages for organisations that need them.

In your own tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

Two laws, one platform

Brazil runs on two information laws. AccessPoint runs both.

The Lei de Acesso à Informação opened public bodies to information requests; the Lei Geral de Proteção de Dados gave every person rights over their personal data and put an independent authority, the ANPD, behind them. They are different laws with different regulators — the CGU and the ANPD — but they land on the same office. AccessPoint operates both on one platform, Portuguese-first and in your own tenant, so LAI requests, LGPD data-subject requests, and breach notifications live in one system instead of three.

LAI requests Public-body access on the 20-plus-10-day clock, with CGU appeals.
LGPD requests Data-subject access and correction, with assessments and a risk register.
Breach notification ANPD and data-subject notice within three business days, computed for you.

Configured out of the box

Installing the br-lai-lgpd configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • LAI and LGPD as the legal-authority and citation spine
  • Brazilian national-holiday calendar and LAI due-date rules
  • LAI grounds for refusal and classification levels, colour-coded for redaction
  • The LAI 10-day extension reason with its citation
  • The LAI appeal ladder — superior authority, then the CGU
  • LGPD data-subject request types for access and correction
  • LGPD security-incident notification rules for the ANPD
  • Portuguese correspondence and notification templates with statutory wording

Brazil Questions

Does AccessPoint cover both the LAI and the LGPD?

Yes. The Brazilian configuration ships both regimes in one pack — LAI access-to-information requests and LGPD data-subject requests — with the LAI's 20-day clock and justified 10-day extension, the LGPD's access and correction rights (art. 18) and 15-day full-declaration window (art. 19), the ANPD security-incident notification rules, and the CGU appeal ladder reflected in the workflows.

Is the platform available in Portuguese?

Yes. The Brazilian pack is Portuguese-first — every interface element, notice, letter, and template is available in Portuguese out of the box — and AccessPoint extends to other languages for organisations that operate in more than one.

Does it handle LGPD breach notification to the ANPD?

Yes. Log a security incident and AccessPoint assesses the risk of relevant harm and produces a live checklist of what must be reported to the ANPD and to affected data subjects — within three business days of becoming aware, under Resolution CD/ANPD nº 15/2024 — with a full audit trail.

Where does Brazilian data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run LAI and LGPD in One Platform

Try AccessPoint free for 30 days, pre-configured for Brazil. No credit card required.

Start Free Trial