LGPD vs EN 1090
LGPD
Brazil's comprehensive regulation for personal data protection
EN 1090
EU standard for execution of steel and aluminium structures.
Quick Verdict
LGPD governs personal data protection for Brazilian residents, with fines of up to 2% of revenue, while EN 1090 mandates CE marking for EU structural steel/aluminium via FPC certification. Companies adopt LGPD for compliance in Brazil's digital economy and EN 1090 for market access in European construction.
LGPD
Lei Geral de Proteção de Dados Pessoais (Law 13.709/2018)
Key Features
- Extraterritorial scope for Brazilian residents' data processing
- Ten core principles including prevention and non-discrimination
- Fines up to 2% of Brazilian revenue, capped at R$50 million
- Mandatory Data Protection Officer for controllers
- SCCs required for cross-border transfers under ANPD regulations
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-4) scaling controls
- Factory Production Control (FPC) certification required
- CE marking and Declaration of Performance (DoP)
- Welding quality management via ISO 3834 alignment
- Material traceability and NDT inspection regimes
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
LGPD Details
What It Is
Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's comprehensive data protection regulation. It governs personal data processing with extraterritorial scope, applying to any data of Brazilian residents. Modeled on GDPR but adapted locally, it uses a risk-based approach emphasizing accountability and data subject rights.
Key Components
- **Ten core principles:** purpose limitation, necessity, transparency, security, prevention, non-discrimination, accountability.
- Ten legal bases for processing, including consent and legitimate interests.
- **Data subject rights:** access, correction, deletion, portability, objection to automated decisions.
- **Governance:** mandatory DPO for controllers, DPIAs for high-risk activities, RoPAs.
- Enforced by ANPD with graduated sanctions.
Why Organizations Use It
LGPD compliance avoids fines of up to 2% of Brazilian revenue (R$50M cap), operational suspensions, and litigation. It builds trust, enables market access in Brazil's digital economy, reduces breach risks, and supports innovation via anonymization exemptions.
Implementation Overview
Phased, risk-based: governance setup, data mapping/RoPA, policies, technical controls, DSR/incident processes, vendor management, audits. Applies to all sizes/industries processing Brazilian data; no certification but ANPD audits required.
EN 1090 Details
What It Is
EN 1090 is the harmonized European standard family (EN 1090-1, -2, -3) for execution and conformity assessment of structural steel and aluminium components under the Construction Products Regulation (CPR). It enables CE marking via a risk-based approach using Execution Classes (EXC1–EXC4), scaling requirements by failure consequence, service, and production categories.
Key Components
- **EN 1090-1:** Conformity assessment, Factory Production Control (FPC) certification by Notified Bodies.
- **EN 1090-2/-3:** Technical rules for steel/aluminium fabrication, welding (ISO 3834), tolerances, corrosion protection, inspection/NDT.
- Core elements: traceability, personnel qualification, Declaration of Performance (DoP). Certification involves initial audits and ongoing surveillance.
Why Organizations Use It
- Mandatory for EU market access with CE marking.
- Reduces liability, ensures quality, unlocks high-risk projects.
- Builds trust, cuts rework, aligns with Eurocodes.
Implementation Overview
Phased: gap analysis, FPC development, welding qualifications, NB certification (3-12 months). Applies to fabricators in construction; requires technical/process changes and training.
Key Differences
| Aspect | LGPD | EN 1090 |
|---|---|---|
| Scope | Personal data protection and processing | Structural steel/aluminium execution and conformity |
| Industry | All sectors targeting Brazilian residents | Construction, steel/aluminium fabrication in EU/EEA |
| Nature | Mandatory national data protection law | Harmonized standard for CE marking under CPR |
| Testing | DPIAs for high-risk, incident reporting | FPC certification, ITT/ITC, surveillance audits |
| Penalties | Fines up to 2% of Brazilian revenue, R$50M cap | Market exclusion, CE marking withdrawal, liability |