29 lines
1.2 KiB
Org Mode
29 lines
1.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-lgpd
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title:
|
|
#+filetags: :passepartout:compliance:framework:lgpd:
|
|
|
|
|
|
Brazil's comprehensive privacy law (effective 2020, fines effective 2023).
|
|
Modeled on GDPR but with differences: LGPD defines "data processing agents"
|
|
(controller and operator), requires appointment of DPO (data protection officer),
|
|
mandates breach notification to ANPD (National Data Protection Authority) and
|
|
affected data subjects. 10 legal bases for processing (vs 6 in GDPR).
|
|
|
|
Penalties: Up to 2% of revenue in Brazil per violation, capped at 50M BRL
|
|
(~$10M) per violation. ANPD can also order suspension of processing, partial
|
|
or total prohibition of database operation.
|
|
|
|
Who must comply: Any organization (public or private) processing personal data
|
|
of Brazilian residents, regardless of where the organization is based. No
|
|
revenue threshold.
|
|
|
|
Why it matters: LGPD affects every business operating in Latin America's largest
|
|
economy. The 2% revenue penalty structure creates strong economic incentive.
|
|
First-mover advantage: fewer compliance automation vendors in the Portuguese
|
|
market. A Portuguese-language gate package with LGPD-specific consent and data
|
|
subject rights gates captures a market of 210M people.
|
|
|