What are the key requirements of LGPD for email marketing?

LGPD requires a lawful basis for processing personal data. For email marketing, the typical bases are consent (subscriber opted in) or legitimate interest (you have a justifiable reason and it doesn't override individual rights). Legitimate interest is more flexible than under GDPR but still requires documented assessment and balancing against data subject interests.

Transparency requirements mandate clear information about what data you collect, why, how it's used, and with whom it's shared. Privacy notices must be accessible and understandable. Subscribers have individual rights: access to their data, correction of inaccuracies, anonymization or deletion, data portability, information about third-party sharing, and the ability to revoke consent.

Organizations must implement appropriate security measures to protect personal data and maintain records of processing activities. Data breaches affecting individual rights must be reported to authorities. Consent, when used as the legal basis, must be free, informed, and unambiguous, similar to GDPR standards. LGPD compliance for email largely mirrors GDPR requirements: valid consent, transparency, individual rights, and security. Treating them as equivalent simplifies global operations.