Standards Comparison

    LGPD

    Mandatory
    2020

    Brazil's comprehensive regulation for personal data protection

    VS

    EN 1090

    Mandatory
    2009

    EU standard for execution of steel and aluminium structures.

    Quick Verdict

    LGPD governs personal data protection for Brazilian residents, with fines of up to 2% of revenue, while EN 1090 mandates CE marking for EU structural steel and aluminium via FPC certification. Companies adopt LGPD for compliance in Brazil's digital economy and EN 1090 for market access in European construction.

    Data Privacy

    LGPD

    Lei Geral de Proteção de Dados Pessoais (Law 13.709/2018)

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

    • Extraterritorial scope for Brazilian residents' data processing
    • Ten core principles including prevention and non-discrimination
    • Fines up to 2% of Brazilian revenue, capped at R$50 million
    • Mandatory Data Protection Officer for controllers
    • SCCs required for cross-border transfers by August 2025

    Structural Metalwork

    EN 1090

    EN 1090 Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Risk-based Execution Classes (EXC1-4) scaling controls
    • Factory Production Control (FPC) certification required
    • CE marking and Declaration of Performance (DoP)
    • Welding quality management via ISO 3834 alignment
    • Material traceability and NDT inspection regimes

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    LGPD Details

    What It Is

    Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's comprehensive data protection regulation. It governs personal data processing with extraterritorial scope, applying to any data of Brazilian residents. Modeled on GDPR but adapted locally, it uses a risk-based approach emphasizing accountability and data subject rights.

    Key Components

    • **Ten core principles:** purpose limitation, necessity, transparency, security, prevention, non-discrimination, accountability.
    • Ten legal bases for processing, including consent and legitimate interests.
    • **Data subject rights:** access, correction, deletion, portability, objection to automated decisions.
    • **Governance:** mandatory DPO for controllers, DPIAs for high-risk activities, RoPAs.
    • Enforced by ANPD with graduated sanctions.

    Why Organizations Use It

    LGPD compliance avoids fines of up to 2% of Brazilian revenue (R$50M cap), operational suspensions, and litigation. It builds trust, enables market access in Brazil's digital economy, reduces breach risks, and supports innovation via anonymization exemptions.

    Implementation Overview

    Implementation is phased and risk-based: governance setup, data mapping/RoPA, policies, technical controls, DSR and incident processes, vendor management, and audits. It applies to organizations of all sizes and industries that process Brazilian data; there is no certification, but ANPD audits are required.

    EN 1090 Details

    What It Is

    EN 1090 is the harmonized European standard family (EN 1090-1, -2, -3) for execution and conformity assessment of structural steel and aluminium components under the Construction Products Regulation (CPR). It enables CE marking via a risk-based approach using Execution Classes (EXC1–EXC4), scaling requirements by failure consequence, service, and production categories.

    Key Components

    • **EN 1090-1:** Conformity assessment, Factory Production Control (FPC) certification by Notified Bodies.
    • **EN 1090-2/-3:** Technical rules for steel/aluminium fabrication, welding (ISO 3834), tolerances, corrosion protection, inspection/NDT.
    • Core elements: traceability, personnel qualification, Declaration of Performance (DoP). Certification involves initial audits and ongoing surveillance.

    Why Organizations Use It

    • Mandatory for EU market access with CE marking.
    • Reduces liability, ensures quality, unlocks high-risk projects.
    • Builds trust, cuts rework, aligns with Eurocodes.

    Implementation Overview

    Implementation is phased: gap analysis, FPC development, welding qualifications, and Notified Body (NB) certification (3-12 months). It applies to fabricators in construction and requires technical and process changes as well as training.

    Key Differences

    Scope

    LGPD
    Personal data protection and processing
    EN 1090
    Structural steel/aluminium execution and conformity

    Industry

    LGPD
    All sectors targeting Brazilian residents
    EN 1090
    Construction, steel/aluminium fabrication in EU/EEA

    Nature

    LGPD
    Mandatory national data protection law
    EN 1090
    Harmonized standard for CE marking under CPR

    Testing

    LGPD
    DPIAs for high-risk, incident reporting
    EN 1090
    FPC certification, ITT/ITC, surveillance audits

    Penalties

    LGPD
    Fines up to 2% of Brazilian revenue, R$50M cap
    EN 1090
    Market exclusion, CE marking withdrawal, liability
