For purposes of this Law, the following definitions apply:

For purposes of this Law, the following definitions apply:
I – personal data: information regarding an identified or identifiable natural person;
II – sensitive personal data: personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data, when related to a natural person;
III – anonymized data: data related to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of the processing;
IV – database: structured set of personal data, kept in one or several locations, in electronic or physical support;
V – data subject: a natural person to whom the personal data that are the object of processing refer to;
VI – controller: natural person or legal entity, of public or private law, that has competence to make the decisions regarding the processing of personal data;
VII – processor: natural person or legal entity, of public or private law, that processes personal data in the name of the controller;
VIII – officer: natural personal, appointed by the controller, who acts as a communication channel between the controller and the data subjects and the national authority;
IX – processing agents: the controller and the processor;
X – processing: any operation carried out with personal data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination or extraction;
XI – anonymization: use of reasonable and available technical means at the time of the processing, through which data loss the possibility of direct or indirect association with an individual;
XII – consent: free, informed and unambiguous manifestation whereby the data subject agrees to her/his processing of personal data for a given purpose;
XIII – blocking: temporary suspension of any processing operation, by means of retention of the personal data or the database;
XIV – deletion: exclusion of data or a set of data stored in a database, irrespective of the procedure used;
XV – international data transfer: transfer of personal data to a foreign country or to an international entity of which the country is a member;
XVI – shared use of data: communication, dissemination, international transfer, interconnection of personal data or shared processing of banks of personal data by public agencies and entities, in compliance with their legal competences, or between these and private entities, reciprocally, with specific authorization, for one or more types of processing allowed by these public entities, or among private entities; XVII –impact report on protection of personal data: documentation from the controller that contains the description of the proceedings of processing of the personal data that could generate risks to civil liberties and fundamental rights, as well as measures, safeguards and mechanisms to mitigate the risk;
XVIII – research body: body or entity of the direct or indirect public administration or a nonprofit legal entity of private law, legally organized under the Brazilian law, with headquarter and jurisdiction in Brazil, that includes in its institutional mission or in its corporate or statutory purposes basic or applied research of historic, scientific, technological or statistical nature;
XIX – national authority: body of the indirect public administration responsible for supervising, implementing and monitoring the compliance with this Law.