LGPD Compliance

Brazilian General Data Protection Law, Lei Geral de Proteção de Dados (LGPD) requires companies to comply with strict requirements related to the processing of personal data with the aim of protecting the fundamental rights of freedom and privacy, irrespective of their geographical presence. If an organization is not compliant with LGPD, the ANPD may impose fine upto 2% of the company's gross revenue in the previous year or 50 million Brazilian Reais whichever is higher, per violation. In addition, the organisation may be temporarily or permanently suspended from processing all activities for certain violations. Hence it is necessary that an organization collecting personal data relating to Brazilian data subjects are compliant with LGPD. The following table shows how Mobile Device Manager Plus helps you with meeting the LGPD standards:

LGPD Article Number Article Description How Mobile Device Manager Plus(MDMP) helps?

Necessity: Limitation of the processing to the minimum necessary to achieve its purposes, covering data that are relevant, proportional and non-excessive in relation to the purposes of the data processing

Track devices only when lost.

Collect and display only data required according to the organization's standards.

6.VI Transparency: Guarantee to the data subjects of clear, precise and easily accessible information about the carrying out of the processing and the respective processing agents, subject to commercial and industrial secrecy

Create Terms of Use Policy and notify users regarding the permissions/data required and how it is utilized in MDM.

Create Device Privacy policy and let the device users view the Device Privacy policy and the reason(s) for collecting device data on their device in the MDM app.

6.VII & 6.VIII

Security: Use of technical and administrative measures which are able to protect personal data from unauthorized accesses and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;

Prevention: Adoption of measures to prevent the occurrence of damages due to the processing of personal data;

Gain visibility into mobile users trying to access your Exchange server, and restrict them from accessing any personal data. 

Provide role based access to specific module to ensure only requisite data are shown and are allowed to carry out only specific processing activities.

Mask or hide PII when exporting data from the console.

Encrypt sensitive business information stored on managed mobile devices.

7.X Permanent deletion of personal data that has been provided to an internet application, upon request, at the termination of the relationship between the parties, except in the situations in which storage of records is obligatory, as provided in this Law and in that which governs personal data protection

When an employee leaves the organization, the device will be removed from management. Once the device goes unmanaged, all the device details will be deleted from the server. Only the device name will be saved for auditing purposes.


Consent may be revoked at any time, by express manifestation of the data subject, through a facilitated and free of charge procedure, with processing carried out under previously given consent remaining valid as long as there is no request for deletion 

Users can revoke management whenever they wish to. But upon revoking management, they cannot access corporate data from their devices.


The processing of personal data shall be terminated under the following circumstances: I – verification that the purpose has been achieved or that the data are no longer necessary or pertinent to achieve the specific purpose intended; II – end of the processing period

The device data will be deleted from the server once the device goes unmanaged. Only the device name will be saved for auditing purposes.

35 The controller and the processor shall keep records of personal data processing operations carried out by them, especially when based on legitimate interest Maintain a record of all the processing activities performed on the MDM console to prevent unauthorised activities.
47 Processing agents shall adopt security, technical and administrative measures able to protect personal data from unauthorized accesses and accidental or unlawful situations of destruction, loss, alteration, communication or any type of improper or unlawful processing
Seperate corporate and personal space on managed mobile devices. Gain total control over corporate data while having zero control over personal data.

Corporate wipe or complete wipe if the devices are lost or stolen, in order to protect data from unauthorised access.

Get notified when a device is uncompliant with organizational policies.

Detect jailbroken and rooted devices and remove them from management.

Securely distribute and view content using ME MDM app. 

Restrict unauthorised data sharing through USBM Wi-Fi, Bluetooth, and AirDrop.

Restrict data sharing between managed and unmanaged apps. Blocklist apps with security vulnerabilities.

Restrict third party cloud backup.