If you operate in Brazil, or serve Brazilian users, the Lei Geral de Proteção de Dados Pessoais (LGPD) already applies to you. It came into effect in 2020, and like Europe's GDPR, it hands people real control over their personal data and lays out clear rules for how companies collect, store, and use it.
But LGPD isn't a translated copy of GDPR. It carries Brazil's own legal and cultural context, and it's enforced by its own regulator, the Autoridade Nacional de Proteção de Dados (ANPD). The penalties are real, and so is the reputational cost. For any company touching Brazilian data, this is a matter of legal risk and trust, not a checkbox.
Here's the thing: compliance lives or dies at the database. That's where personal data actually sits, where access actually happens, and where a careless query or an over-permissioned account turns a policy document into an incident report. A privacy policy on your website means nothing if anyone with a connection string can SELECT * from your users table.
So let's look at LGPD through a database lens, and walk through how Bytebase helps teams bake compliance into the day-to-day work instead of treating it as a separate project.
Who LGPD Applies To
LGPD applies to any organization, Brazilian or foreign, that processes personal data from individuals located in Brazil.
It draws a line between two kinds of data:
- Personal data is any information that can identify someone, directly or indirectly.
- Sensitive data covers health, biometrics, religion, political beliefs, or ethnicity.
So if your systems store or process user data from Brazil, even if your servers sit halfway across the world, you're in scope. And since the most sensitive of that data sits in the database, that's the first place you need strong controls.

If you've dealt with GDPR, the cast of characters will look familiar. LGPD defines the same three roles:
- The Data Subject (Titular) is the individual whose personal data is collected.
- The Controller (Controlador) decides how and why data is processed.
- The Processor (Operador) handles data on behalf of the controller.
Both Controller and Processor must designate a Data Protection Officer (Encarregado) as the contact point with the ANPD and with data subjects.
LGPD Principles Meet Database Reality
Article 6 of LGPD lists ten principles for handling personal data. Several of them map straight onto how a database should be run.
| LGPD Principle | What It Means for Databases | How Bytebase Helps |
|---|---|---|
| Purpose – Use data only for legitimate, specific reasons | Every schema or data change should have a clear purpose | Issue-based workflow tracks who changed what, and why |
| Security – Prevent unauthorized access | Control who can access which databases | RBAC and approval policies enforce least privilege |
| Accountability – Prove you’re following the rules | Show evidence of controls | Review workflow and immutable audit log provide an auditable trail |
| Necessity – Limit processing to what’s essential | Avoid querying or exposing extra data | Dynamic Data Masking hides sensitive fields in query results |
The point is to stop leaving these principles stranded in a PDF. Bytebase pulls them into the database workflow where the actual data changes happen.
Processing Data on a Legal Basis
LGPD only lets you process personal data when there's a valid reason behind it: user consent, a legal obligation, legitimate interest, and so on.
In practice that means two things. You need to know why each piece of data exists, and you need to be able to remove it once that reason no longer holds.
This is where issue-based workflow and the audit log earn their keep. Every change is reviewed, recorded, and tied back to a legitimate purpose. When an auditor or the ANPD asks you to prove it, you're not reconstructing history from memory. You already have the evidence.
Handling Sensitive and Anonymized Data
Sensitive data (health, biometric, or belief-related information) gets extra protection under Article 11. At the same time, LGPD pushes you toward anonymization wherever it's feasible.
Bytebase covers both sides:
- Access control (RBAC) limits who can see or modify sensitive tables.
- Dynamic masking hides real values in query results, which is exactly what you want when developers need to work against lower environments without seeing real people's data.
- Review workflow makes sure every schema and permission change is peer-reviewed before it ships.
That's the gap this closes: turning "we should protect sensitive data" into "we actually do, and we can show how."
Honoring Data Subject Rights
LGPD gives individuals the right to access, correct, delete, and port their data. Sounds simple on paper. Then you go to honor a deletion request and realize the data is scattered across multiple databases and dozens of tables.
Two things make this manageable:
- The database catalog gives you visibility into where personal data actually lives.
- The SQL Editor lets you run controlled operations, like a targeted deletion, under proper review and audit.
So when a user exercises their rights, you can respond accurately, and you can prove the deletion happened.
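The deletion flow described above, sketched as an added example (not Bytebase code and not part of the original article): a catalog lookup finds every table holding the subject's rows, and the deletes plus the evidence record commit in one transaction. It uses SQLite so it runs offline; the schema, the `user_id` column convention, the `erasure_audit` table, and the request reference are hypothetical, constructed values.

```python
import json
import sqlite3
from datetime import datetime, timezone

def build_demo():
    """Constructed sample schema and rows; all names here are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(user_id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE orders(order_id INTEGER PRIMARY KEY, user_id INTEGER, total REAL);
        CREATE TABLE support_tickets(ticket_id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
        CREATE TABLE products(product_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE erasure_audit(request_ref TEXT, subject_ref TEXT, requested_by TEXT,
                                   executed_at TEXT, rows_deleted TEXT);
        INSERT INTO users VALUES (42, 'ana@example.com'), (7, 'rui@example.com');
        INSERT INTO orders VALUES (1, 42, 10.0), (2, 42, 25.5), (3, 7, 8.0);
        INSERT INTO support_tickets VALUES (1, 42, 'address change');
        INSERT INTO products VALUES (1, 'widget');
    """)
    return conn

def tables_with_column(conn, column):
    """Catalog lookup: every user table that carries `column`."""
    names = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    return sorted(t for t in names
                  if column in [c[1] for c in conn.execute(f'PRAGMA table_info("{t}")')])

def erase_subject(conn, subject_id, requested_by, request_ref):
    """Delete one subject's rows everywhere and record the evidence atomically."""
    counts = {}
    with conn:  # single transaction: rolls back everything if any statement fails
        # Table names come from the catalog, never from request input.
        for table in tables_with_column(conn, "user_id"):
            cur = conn.execute(f'DELETE FROM "{table}" WHERE user_id = ?', (subject_id,))
            counts[table] = cur.rowcount
        conn.execute(
            "INSERT INTO erasure_audit VALUES (?, ?, ?, ?, ?)",
            (request_ref, str(subject_id), requested_by,
             datetime.now(timezone.utc).isoformat(), json.dumps(counts, sort_keys=True)))
    return counts

if __name__ == "__main__":
    db = build_demo()
    print(tables_with_column(db, "user_id"))
    print(erase_subject(db, 42, "dpo@example.com", "DSR-0001"))
```

The per-table row counts stored in the audit row are what let you show later that the request touched every location the catalog reported, not just the main users table.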
Being Ready for Incidents
If a breach exposes personal data, LGPD requires you to notify both the ANPD and the affected users. The middle of an incident is the worst possible moment to start asking who had access and what changed.
Bytebase keeps you ready ahead of time:
- Every SQL execution is logged and attributed to a person.
- Environment segregation keeps production data isolated from test and staging.
- Immutable records give you a clean trail for post-incident investigation.
With those in place you're not scrambling. You already know who touched what.
Proving and Maintaining Compliance
LGPD's last principle is accountability, and it's the one teams underestimate. Complying isn't enough. You have to be able to prove you complied.
With Bytebase, every schema update, permission change, and data fix runs through an approval workflow. All of it is traceable, reviewable, and exportable for audits. And because the same policies are enforced across every environment, compliance stops being a once-a-year fire drill and becomes the default.
Closing Thoughts
LGPD compliance starts where your data lives. Embed review, access control, and auditability directly into how you change the database, and the legal requirements stop being a separate project bolted on after the fact. They just become how the team works.
That's the whole point: the best compliance posture is the one nobody has to remember to follow, because the workflow enforces it for you.