Standards Comparison

    LGPD

    Mandatory
    2020

    Brazil's comprehensive regulation for personal data protection

    VS

    ISO 13485

    Mandatory
    2016

    International standard for medical device quality management systems

    Quick Verdict

    LGPD mandates data protection for Brazilian residents across industries, enforced by ANPD fines. ISO 13485 certifies voluntary QMS for medical devices, ensuring safety via audits. Companies adopt LGPD for legal compliance, ISO 13485 for market access and quality.

    Data Privacy

    LGPD

    Lei Geral de Proteção de Dados Pessoais (Law No. 13.709/2018)

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

• Extraterritorial scope targets Brazilian residents' data processing
• 10 core principles expand GDPR with prevention, non-discrimination
• Fines up to 2% Brazilian revenue capped at R$50M
• Mandatory DPO appointment and public disclosure for controllers
• 3-business-day breach notifications to ANPD and subjects

Quality Management

    ISO 13485

ISO 13485:2016, Medical devices: Quality management systems

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

    • Risk-based QMS for medical device lifecycle
    • Regulatory compliance and post-market surveillance
    • Design development and process validation controls
    • Supplier evaluation and outsourcing management
    • Traceability and documentation requirements

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    LGPD Details

    What It Is

    Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's landmark comprehensive data protection regulation. Enacted in 2018 with full enforcement from 2021, it protects personal data of natural persons via extraterritorial scope, applying to processing in Brazil, targeting residents, or collected there. It employs a risk-based approach with principles, rights, and obligations enforced by ANPD.

    Key Components

• **10 core principles**: purpose limitation, adequacy, necessity, transparency, security, prevention, non-discrimination, accountability.
• **Data subject rights (Art. 18)**: access, correction, deletion, portability, anonymization, objection to automated decisions.
• **10 legal bases (Art. 7)**: consent, contracts, legitimate interests, sensitive data restrictions.
• **Governance tools**: mandatory DPO, Records of Processing Activities (RoPAs), DPIAs for high-risk processing, 3-day breach notifications.
• **ANPD sanctions**: graduated fines up to 2% of Brazilian revenue (R$50M cap).

    Why Organizations Use It

Compliance is mandatory: it avoids multimillion fines, operational halts and reputational harm. It also builds stakeholder trust, enables market access in Brazil's digital economy, reduces cyber risk, and lets organizations leverage anonymization for innovation.

    Implementation Overview

**Phased, risk-based**: governance and DPO appointment, data mapping and RoPAs, policies, contracts and SCCs, technical controls, training and data subject request (DSR) handling, then ongoing monitoring and audits. LGPD applies universally to public and private entities of all sizes and in all industries, including fintech, healthcare and e-commerce; compliance is checked through ANPD audits, and there is no formal certification.

    ISO 13485 Details

    What It Is

    ISO 13485:2016 is the international standard titled Medical devices — Quality management systems — Requirements for regulatory purposes. It establishes a risk-based framework for QMS to ensure organizations consistently provide safe medical devices meeting customer and regulatory needs across the device lifecycle, from design to post-market surveillance.

    Key Components

    • Organized into Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/analysis/improvement.
    • Emphasizes documented procedures, validation, traceability, risk management (per ISO 14971), supplier controls, and post-market activities.
    • Built on process approach; certification via accredited bodies through staged audits (Stage 1 readiness, Stage 2 implementation).

    Why Organizations Use It

    • Facilitates market access (EU MDR, FDA QMSR alignment by 2026), reduces compliance risks.
    • Enhances patient safety, operational efficiency, supply chain resilience.
    • Builds stakeholder trust, competitive edge via certification as regulatory maturity proxy.

    Implementation Overview

    • Phased approach: gap analysis, documentation/process design, training/validation, internal audits/management review, certification.
    • Suited for manufacturers/suppliers globally; 9–18 months typical, scalable by size/complexity.

    Key Differences

    Scope

    LGPD
    Personal data protection and processing
    ISO 13485
    Medical device quality management systems

    Industry

    LGPD
    All sectors processing Brazilian data
    ISO 13485
    Medical devices and related services

    Nature

    LGPD
    Mandatory Brazilian data protection law
    ISO 13485
    Voluntary QMS certification standard

    Testing

    LGPD
    ANPD audits and DPIAs for high-risk
    ISO 13485
    Certification body audits, process validation

    Penalties

    LGPD
    Fines up to 2% Brazilian revenue
    ISO 13485
    Loss of certification, no direct fines
