Standards Comparison

    LGPD

    Mandatory
    2020

    Brazil's comprehensive personal data protection regulation

    VS

    ISO 14064

    Voluntary
    2018

    International standard for GHG quantification, reporting, verification.

    Quick Verdict

    LGPD mandates data privacy for Brazilian residents, with fines of up to 2% of revenue, while ISO 14064 is a voluntary standard for GHG accounting that lends global credibility. Companies adopt LGPD for legal compliance and ISO 14064 for verifiable emissions reporting and stakeholder trust.

    Data Privacy

    LGPD

    Lei Geral de Proteção de Dados Pessoais (Law No. 13.709/2018)

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

    • Extraterritorial scope targeting Brazilian residents' data processing
    • 10 core principles including prevention and non-discrimination
    • Fines up to 2% Brazilian revenue capped at R$50M
    • Mandatory DPO for controllers with public disclosure
    • 3-business-day breach notifications to ANPD and subjects

    Greenhouse Gas Accounting

    ISO 14064

    ISO 14064: Greenhouse gases standards

    Cost
    €€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Three-part modular structure for inventories, projects, assurance
    • Five core principles: relevance, completeness, consistency, transparency, accuracy
    • Organizational/operational boundaries and Scopes 1-3 classification
    • Baseline scenarios and additionality for project reductions
    • Risk-based validation/verification with reasonable/limited assurance

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    LGPD Details

    What It Is

    Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's landmark data protection regulation. It safeguards the personal data of identified or identifiable individuals and has extraterritorial scope: it applies to processing carried out in Brazil, processing that targets Brazilian residents, and data collected in Brazil. It adopts a risk-based approach via 10 principles such as purpose limitation, necessity, transparency, and accountability.

    Key Components

    • **10 principles:** Purpose limitation, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability.
    • **Data subject rights:** Access, correction, deletion, portability, anonymization, objection to automated decisions.
    • **10 legal bases:** Consent, contracts, legal obligations, legitimate interests, etc.; stricter for sensitive data.
    • **Governance:** Mandatory DPO for controllers, processing records, DPIAs for high-risk processing, enforced by ANPD with graduated sanctions.

    Why Organizations Use It

    • Mandatory to avoid fines up to 2% Brazilian revenue (R$50M cap), suspensions, reputational harm.
    • Builds trust, enables market access in Brazil's digital economy, mitigates cyber risks, leverages anonymization for innovation.

    Implementation Overview

    Implementation is phased and risk-based: governance and DPO appointment, data mapping and RoPA, policies, contracts and SCCs, technical controls and training, DSR handling and incident response, then monitoring and audits. LGPD applies universally to public and private entities processing Brazilian data; ANPD conducts audits, and there is no formal certification.

    ISO 14064 Details

    What It Is

    ISO 14064 (Parts 1:2018, 2:2019, 3:2019) is an international standard family for greenhouse gas (GHG) quantification, reporting, and verification. It provides modular requirements for credible organizational inventories, project reductions/removals, and independent assurance, emphasizing principle-based approaches like boundary setting and uncertainty management.

    Key Components

    • **Three interdependent parts:** ISO 14064-1 (organization-level inventories), ISO 14064-2 (project accounting), ISO 14064-3 (validation/verification).
    • **Five core principles:** relevance, completeness, consistency, transparency, accuracy.
    • Scopes 1-3 emissions categorization, baseline scenarios, risk-based assurance.
    • Voluntary compliance via third-party verification, aligned with GHG Protocol.

    Why Organizations Use It

    • Enables regulatory readiness (e.g., CSRD, SB-253), investor trust, and carbon market access.
    • Drives decarbonization insights, risk mitigation, and supply-chain improvements.
    • Builds stakeholder confidence through auditable, comparable GHG data.

    Implementation Overview

    • Phased approach: governance, boundary design, data collection, reporting, verification.
    • Applies to all sizes/industries globally; 6-12 months typical for mid-sized firms.
    • Optional but recommended third-party assurance under ISO 14064-3.

    Key Differences

    Scope

    LGPD
    Personal data protection and privacy
    ISO 14064
    GHG emissions quantification and reporting

    Industry

    LGPD
    All sectors targeting Brazilian residents
    ISO 14064
    All sectors with GHG emissions globally

    Nature

    LGPD
    Mandatory Brazilian law with ANPD enforcement
    ISO 14064
    Voluntary international standard family

    Testing

    LGPD
    DPIAs for high-risk, ANPD audits
    ISO 14064
    Independent validation/verification optional

    Penalties

    LGPD
    Fines up to 2% Brazilian revenue (R$50M cap)
    ISO 14064
    No legal penalties, loss of credibility
