Treat cross-border transfer as a separate compliance decision with its own mechanism, disclosures, and contracts.
You need both a valid domestic legal basis and a valid transfer mechanism. One does not replace the other.
Structured answer sets in this page tree.
Cited legal and guidance references.
Articles 33 to 35 and the ANPD transfer regulation require more than a contract label. First confirm that the activity is an international transfer, that LGPD applies to the underlying processing, and that the transfer has a valid legal basis. Then choose the transfer mechanism and meet the transparency and contract duties that go with it.
The ANPD transfer regulation distinguishes international transfer from international collection. A transfer exists when an exporter transmits, shares, or provides access to personal data to an importer in another country or to an international organization.
That analysis should include onward transfers and subprocessor chains, not only the first foreign recipient.
The transfer regulation requires the controller to verify that the operation is supported by both a legal basis and a valid transfer mechanism. Valid mechanisms include adequacy recognition by ANPD, standard contractual clauses, specific contractual clauses, binding corporate rules, and other Article 33 cases that do not depend on regulation.
There is no hierarchy in principle, but some mechanisms can be used immediately while others require prior ANPD recognition or approval.
Research Copilot can take Brazil LGPD International Transfers from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on Brazil LGPD can keep owners, evidence, and next steps aligned without copying this guide into separate documents.
Start from Brazil LGPD International Transfers and answer scope, timing, and interpretation questions with cited outputs.
Review your current process, evidence gaps, and next steps for Brazil LGPD International Transfers.
The controller must publish, on its website, a document in Portuguese, using simple, clear, precise, and accessible language, with information about the form, duration, and specific purpose of the transfer, the destination country, and the applicable rights and responsibilities.
Data subjects can also request the full text of the clauses used for the transfer, subject to commercial and industrial secrecy.
ANPD standard contractual clauses must be adopted in full and can be embedded in a dedicated transfer agreement or as an addendum to a broader contract. Binding corporate rules are only valid for the entities and countries they actually cover and need a responsible entity in Brazil that answers for violations.
Both mechanisms need a process for updates, changes, legal conflicts, and rights handling within the deadlines already recognized by LGPD.