Beginning 15 February 2020, Brazil’s new data protection law, Lei Geral de Proteção de Dados (LGPD), will require companies to comply with strict requirements related to the processing of personal data. The law is similar in many respects to the EU’s GDPR and extends extraterritorially to foreign domiciled corporations with processing operations affecting Brazilian domiciled individuals. The Brazilian data protection authority can impose fines for noncompliance with the LGPD of up to 2 percent of a company’s gross revenues in Brazil from the previous year, or BRL 50 million (approximately USD 12 million), whichever is greater, per violation. In addition, the data protection authority can totally or partially suspend any activities related to a company’s data processing activities.