Employee Data Privacy

Brazil - Cross-Border Data Transfer

 Download as a PDF

Are there any restrictions on transferring personal data and how can these be overcome?

Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.


Cross-border data transfers under the General Data Protection Law

The General Data Protection Law (LGPD) sets the standard for international data transfers in Brazil. Brazilian employers are able to transfer employee data in cases including:

  • when the data is being transferred to countries or international organizations that provide a level of protection that is deemed adequate under the new LGPD (The Data Protection Authority, ANPD,  will determine which countries and international organizations are considered to have adequate protections in place);
  • when the controller can prove compliance with the principles and rights that are outlined in the law via: a) contractual clauses (either standard or specific to a given transfer); b) global corporate rules; or, c) regularly issued stamps, certificates and codes of conduct (The ANPD will define the minimum content of the model contractual clauses and verify contractual clauses, global corporate rules, stamps, certificates and codes of conduct);
  • when the employees have given their specific consent for the transfer, and they were given prior information about the international nature of the operation (i.e. they have specifically consented to their data being transferred internationally for the given purpose);
  • when the ANPD has authorized the transfer;
  • when necessary to: comply with a legal or regulatory obligation of the employer; execute a contract or preliminary procedure relating to a contract of which the employee is a party (at the request of the employee); or, when necessary to protect the life or safety of the employee or a third party.


HR Best Practices: More specific rules relating to data transfers are expected to be introduced in the future. The use of applications in the cloud frequently results in the international transfer of employee data. Personal data should only be transferred outside Brazil when an adequate level of protection and privacy is ensured.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk