LGPD Data Consent and Privacy Form

LGPD Data Consent and Privacy Form Template for Brazilian Businesses

Brazil's Lei Geral de Proteção de Dados (LGPD) requires businesses to obtain clear, informed consent before collecting and processing personal data. This comprehensive LGPD consent form template helps Brazilian businesses comply with data protection regulations by providing transparent disclosures, granular consent options, and proper record-keeping documentation.

Why Your Business Needs an LGPD Consent Form

Since the LGPD came into force, Brazilian businesses must demonstrate that they've obtained valid, documented consent from data subjects before processing their personal information. Whether you're collecting customer data for marketing, processing employee information, or managing client records, this form ensures you meet your legal obligations while building trust with data subjects.

This template is designed specifically for Brazilian businesses that need to collect consent in accordance with Articles 7, 8, and 9 of the LGPD, providing clear information about data processing purposes, storage periods, and data subject rights.

Who Should Use This LGPD Consent Form

This form template is essential for:

• Brazilian businesses of all sizes collecting personal data from customers, employees, or clients
• E-commerce stores processing CPF, addresses, and payment information
• SaaS companies operating in Brazil or serving Brazilian customers
• Healthcare providers collecting sensitive health data under LGPD requirements
• Marketing agencies processing data for client campaigns and analytics
• HR departments managing employee personal information
• Financial services handling CPF, CNPJ, and financial data
• Educational institutions processing student and parent information
• Service providers collecting customer data for service delivery

What Makes This Form LGPD-Compliant

This template includes all the essential elements required for LGPD compliance:

Transparent Data Processing Information: Clear explanations of what data you collect, why you need it, how long you'll keep it, and who you'll share it with—all written in accessible Portuguese that data subjects can understand.

Granular Consent Checkboxes: Separate consent options for different processing purposes, allowing data subjects to choose exactly how their data is used rather than forcing bundled consent.

Data Subject Rights Notice: Complete information about rights under the LGPD, including access, correction, deletion, portability, and the right to revoke consent at any time.

Record-Keeping Fields: Automatic timestamp and documentation to prove consent was obtained, helping you respond to ANPD inquiries and demonstrate compliance during audits.

Special Category Data Handling: Dedicated sections for sensitive data processing when applicable, with appropriate additional disclosures and consent requirements.

How Paperform Makes LGPD Compliance Simple

Managing data consent doesn't have to be complex. Paperform makes it easy to collect, store, and manage LGPD-compliant consent with features designed specifically for regulatory requirements:

• Secure data storage with SOC 2 Type II compliance and encryption to protect personal information
• Automatic timestamps on every submission for consent record-keeping
• Conditional logic to show relevant consent options based on processing purposes
• Data residency controls to keep Brazilian data within compliant jurisdictions
• PDF generation to create consent records for your archives
• Integration with CRMs like HubSpot, Pipedrive, and others to keep consent records synced
• Custom confirmation pages to acknowledge consent and provide data subject rights information

Automate Your LGPD Compliance Workflow with Stepper

Once you've collected consent, Stepper (stepper.io) can help you automate the entire compliance workflow:

• Route consent records to your legal, compliance, or data protection officer for review
• Update your CRM with consent preferences and processing permissions
• Create audit trails by logging consent to spreadsheets or databases
• Send confirmation emails with consent details and withdrawal instructions
• Trigger notifications to relevant teams when sensitive data processing is approved
• Manage consent expiration by flagging records that need renewal after your retention period

This automation ensures your business maintains continuous LGPD compliance without manual tracking or spreadsheet chaos.

What to Include in Your LGPD Consent Form

Every effective LGPD consent form should cover:

1. Data controller identification: Your company's name, CNPJ, and contact information for the Data Protection Officer or responsible person
2. Purpose specification: Clear explanation of each purpose for data processing
3. Legal basis: Whether consent is the legal basis or another legitimate ground under Article 7
4. Data categories: What personal data you'll collect (name, CPF, email, phone, address, etc.)
5. Processing activities: How you'll use, store, and protect the data
6. Sharing and transfers: Whether data will be shared with third parties or transferred internationally
7. Retention period: How long you'll keep the personal data
8. Data subject rights: Complete information about rights to access, correction, deletion, portability, and consent revocation
9. Consent withdrawal: Clear instructions on how to withdraw consent at any time
10. Contact information: How to reach your DPO or privacy team with questions

Customizing This Form for Your Business

This template provides a solid foundation, but you should customize it to match your specific data processing activities:

• Add your company details: Include your business name, CNPJ, and DPO contact information
• Specify your purposes: List the exact reasons you're collecting data (service delivery, marketing, analytics, etc.)
• Define your retention: State how long you'll keep different categories of data
• List your partners: If you share data with third parties, name them or describe their categories
• Add industry-specific fields: Include additional disclosures for healthcare (sensitive data), financial services, or other regulated sectors
• Customize the design: Apply your brand colors, logo, and fonts to build trust and recognition

Industries That Benefit Most from This Template

While LGPD applies to all Brazilian businesses processing personal data, this form is particularly valuable for:

• Retail and E-commerce: Collecting customer data for orders, shipping, and marketing
• Professional Services: Managing client information for consulting, legal, accounting, and coaching
• Healthcare: Processing patient data with appropriate sensitive data protections
• Education: Collecting student, parent, and employee information
• Real Estate: Managing buyer, seller, and renter personal data
• Marketing and Advertising: Processing data for campaigns and analytics
• Financial Services: Handling CPF, bank details, and financial information
• Technology and SaaS: Collecting user data for platform access and services

Maintaining Ongoing LGPD Compliance

Collecting consent is just the beginning. To maintain LGPD compliance:

• Keep consent records securely stored with timestamps and details of what was consented to
• Honor consent withdrawal requests promptly and document the process
• Review consent periodically to ensure it's still valid for your current processing activities
• Update your form when your data processing practices change
• Train your team on LGPD requirements and consent management procedures
• Prepare for ANPD inquiries by having clear documentation of your consent collection process

With Paperform's secure storage, automatic timestamping, and integration capabilities, maintaining this documentation is straightforward and audit-ready.

Get Started with LGPD-Compliant Data Collection

Whether you're launching a new business in Brazil, expanding operations to serve Brazilian customers, or upgrading your compliance practices to meet LGPD standards, this form template provides the foundation you need. Customize the consent purposes and data categories to match your operations, apply your brand design, and start collecting compliant consent that protects both your business and your data subjects' rights.

Paperform makes it simple to create professional, compliant forms that work seamlessly with your existing tools and workflows—no coding required, just a clean document-style editor that lets marketing, operations, and compliance teams own their data collection processes with confidence.