Brazil's General Data Protection Law — broadly aligned with GDPR with Brazil-specific enforcement and DPO regime.
Any organisation processing personal data of data subjects in Brazil.
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Lawful basis for processing.
Data Protection Officer (Encarregado) appointment.
ANPD notification of breaches likely to cause significant risk or damage.
International transfer mechanisms aligned with ANPD regulation.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
ANPD notification template and timer.
Encarregado registry with role evidence.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Article 37 LGPD record (analogous to GDPR Art. 30).
ANPD breach register.
These frameworks share substantial control overlap with LGPD. Customers running one assessment typically satisfy the others with the same evidence base.
European Union
The EU's General Data Protection Regulation — the global gravity well of privacy law since 2018.
North America
The California consumer privacy law that introduced the right to delete, opt-out of sale/share, and limit use of sensitive personal information.
Latin America & Africa
South Africa's Protection of Personal Information Act — comprehensive data protection law with conditions for lawful processing.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.