Brazil · LAI & LGPD
Access and data protection for Brazil, in one platform
AccessPoint manages LAI access-to-information requests and LGPD data-subject requests, breach notifications, and impact assessments — pre-configured for Brazil, Portuguese-first, and running inside your own Microsoft 365 tenant.
Brazil at a glance
- Response deadline
- Immediate where possible, otherwise 20 days (LAI, art. 11)
- Extensions
- A further 10 days with express written justification
- Fees
- Access is free — only the cost of reproduction may be charged
- LGPD data-subject rights
- Access and correction (art. 18), with a full declaration within 15 days (art. 19)
- Oversight
- CGU for LAI appeals; the ANPD for data protection (fines up to R$50 million per infraction)
- Languages
- Portuguese, extensible to other languages
Built for Brazil
One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.
LAI request lifecycle
Intake to decision on LAI's clock — immediate access where the information is at hand, otherwise 20 days plus a justified 10-day extension — with grounds for refusal, classification levels, reproduction-cost estimates, and a defensible record, all built on Microsoft 365.
The LAI appeal ladder
Track appeals up the statutory ladder — to the immediately superior authority, then to the Controladoria-Geral da União — each with its own clock, an investigation workspace, and a guided path to disposition.
LGPD requests and assessments
Run data-subject access and correction requests under article 18, with the full declaration inside the 15-day window, plus the impact reports LGPD expects — on a guided questionnaire engine with an embedded risk register and a regulator-ready export.
Breach notification to the ANPD
Log a security incident, assess the risk of relevant harm, and get a live checklist of what must be reported to the ANPD and to affected data subjects — within three business days of becoming aware, under Resolution CD/ANPD nº 15/2024.
Portuguese-first
Every interface element, notice, letter, and template is available in Portuguese out of the box, and extends to other languages for organisations that need them.
In your own tenant
Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.
Two laws, one platform
Brazil runs on two information laws. AccessPoint runs both.
The Lei de Acesso à Informação opened public bodies to information requests; the Lei Geral de Proteção de Dados gave every person rights over their personal data and put an independent authority, the ANPD, behind them. They are different laws with different regulators — the CGU and the ANPD — but they land on the same office. AccessPoint operates both on one platform, Portuguese-first and in your own tenant, so LAI requests, LGPD data-subject requests, and breach notifications live in one system instead of three.
Configured out of the box
Installing the br-lai-lgpd configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.
Related guide: FOI Workflow Quick Check- LAI and LGPD as the legal-authority and citation spine
- Brazilian national-holiday calendar and LAI due-date rules
- LAI grounds for refusal and classification levels, colour-coded for redaction
- The LAI 10-day extension reason with its citation
- The LAI appeal ladder — superior authority, then the CGU
- LGPD data-subject request types for access and correction
- LGPD security-incident notification rules for the ANPD
- Portuguese correspondence and notification templates with statutory wording
Brazil Questions
Does AccessPoint cover both the LAI and the LGPD?
Is the platform available in Portuguese?
Does it handle LGPD breach notification to the ANPD?
Where does Brazilian data reside?
Run LAI and LGPD in One Platform
Try AccessPoint free for 30 days, pre-configured for Brazil. No credit card required.
Start Free Trial