Compliance Brasil

Legal framework for digital identity verification in Brazil

Compliance encompasses the processes an organisation follows to operate in accordance with laws, regulations and ethical standards. Digital identity verification is essential for complying with these regulations and maintaining trust with clients in Brazil, the country with the most victims of financial scams. As Serasa Experian’s Fraud Attempts Indicator shows “Brazil started 2023 with more than 284 thousand phishing attempts in the month of January, which means that a Brazilian was a victim of fraudsters every 9 seconds.”  Regulatory compliance in Brazil has become more important, with stricter regulations on identity verification. Companies in all industries are facing increasingly stringent regulations related to customer, business partner and employee identity verification.

We will explore how Brazilian regulations address the security of biometric data and how digital identity helps to ensure the confidentiality of all parties involved.

Brazilian regulations and standards

The Lei Geral de Proteção de Dados Pessoais (LGPD) is one of the most extensive sets of regulations and among those that offer the most guarantees on users’ rights. The LGPD creates a protection framework that binds organisations that process data, modelled on the EU’s General Data Protection Regulation (GDPR). In line with European regulations, the LGPD provides for Impact Assessments (RIPD) to be carried out in processing cases that may generate risks to freedoms. Some of the key elements addressed by this law include:

Data processing

This refers to any activity that uses personal data in the execution of its operation. These activities may include collection, production, reception, classification, use, access, reproduction and transmission, among others.


Good Practice Guide for the Implementation of the LGPD in the Federal Public Administration

Prepared by the different bodies that make up the Central Data Governance Committee, this guide contains guidelines on the attributions and actions of the Controller, the Operator and the Processor, as well as the National Data Protection Authority (NDA). Additionally, the Good Practice Guide for the Implementation of the LGPD in the Federal Public Administration deals with the fundamental rights of data subjects, addresses data processing scenarios and their implementation, indicates the life cycle of personal data processing and presents good practices in information security.


Compliance and Facephi

At Facephi, as developers of biometric technology for digital identity verification , we understand that having in-depth knowledge of the regulations and regulatory bodies in force in Brazil ensures full respect for users’  rights.

Close collaboration and rigorous compliance with these bodies are essential to ensure that the technology solutions we offer are securely integrated and meet the highest legal and security standards. Not only does this prevent potential legal problems and sanctions, but it also reinforces user confidence and contributes to building a robust and secure financial system for all involved.

In the digital era, client identity verification is essential. Don’t risk compromising security, contact us today to find out how you can comply with regulations and protect your users’ identities.