What It Is

Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's comprehensive federal data protection regulation. Enacted in 2018 and enforced since 2021, it safeguards personal data of natural persons with extraterritorial scope, applying to processing in Brazil, targeting residents, or collecting data there. It follows a risk-based approach with 10 core principles like purpose limitation, necessity, and accountability.

Key Components

• 10 principles (purpose limitation, adequacy, necessity, transparency, security, prevention, non-discrimination, accountability).
• Data subject rights (access, correction, deletion, portability, anonymization, objection to automated decisions).
• 10 legal bases for processing (consent, contracts, legitimate interests, etc.), stricter for sensitive data.
• Governance via mandatory DPO for controllers, records of processing, DPIAs for high-risk activities.
• Enforcement by ANPD with graduated sanctions up to 2% Brazilian revenue (R$50M cap).

Why Organizations Use It

LGPD compliance avoids hefty fines, operational suspensions, and reputational damage. It builds stakeholder trust, enables market access in Brazil's digital economy, and supports innovation via anonymization exemptions. Multinationals gain competitive edges through GDPR synergies and risk reduction.

Implementation Overview

Phased risk-based methodology: governance setup, data mapping/RoPA, policies, technical controls (encryption, access), DSR/incident processes, vendor management with SCCs, ongoing audits/training. Applies to all sizes/sectors processing Brazilian data; no certification but ANPD audits.

What It Is

ISO 41001:2018 is a certifiable international management system standard titled Facility management — Management systems — Requirements with guidance for use. It specifies requirements for a facility management (FM) system to ensure effective, efficient FM delivery supporting the demand organization's objectives, stakeholder needs, and sustainability in competitive environments. It follows the High-Level Structure (HLS) and PDCA cycle for risk-based planning and continual improvement.

Key Components

• Clauses 4-10: Context, Leadership, Planning, Support, Operation, Performance Evaluation, Improvement.
• FM-specific elements like stakeholder requirements, service integration, risk/continuity planning.
• Built on HLS for interoperability with ISO 9001/14001/45001.
• Certification via accredited third-party audits.

Why Organizations Use It

• Aligns FM strategically with business goals, reduces costs, enhances resilience.
• Manages risks (continuity, climate via 2024 Amendment), ensures compliance.
• Boosts occupant wellbeing, ESG performance, competitive bidding advantage.
• Builds stakeholder trust through measurable outcomes.

Implementation Overview

• Phased: gap analysis, policy/objectives, processes, audits, certification.
• Applicable to all sizes/sectors; 6-24 months typical.
• Involves training, digital tools (CMMS), internal audits, management reviews.