How does Brazil's LGPD compare to GDPR?

LGPD shares GDPR's core principles but has different legal bases, lighter penalties, and unique provisions. Cleo maps both and highlights gaps for companies operating in both jurisdictions.

What penalties does the ANPD impose for LGPD violations?

The ANPD can impose fines of up to 2% of Brazilian revenue (capped at R$50 million per violation), daily penalty payments, data processing suspensions, and public disclosure of violations. Enforcement has accelerated since the first fine in 2023.

Does Brazil require data localization?

LGPD does not require strict data localization, but the Central Bank mandates that certain financial data be stored in Brazil. International data transfers are permitted under adequacy decisions, standard clauses, or specific consent. Cleo tracks evolving ANPD transfer guidance.

🇧🇷Brazil

DORA compliance in Brazil

DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.

Run a Free Scan

Enforcement authority

National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)

Maximum sanctions

Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.

Key obligations

What DORA requires from organizations operating in Brazil.

Implement ICT risk management framework

Establish ICT-related incident reporting procedures

Conduct digital operational resilience testing

Manage ICT third-party risk with contractual provisions

Participate in threat-led penetration testing (TLPT)

Local context in Brazil

DORA applies from January 17, 2025. Financial entities must ensure full compliance with ICT risk management requirements.

DORA by industry in Brazil

Retail & Consumer Goods Real Estate FinTech HealthTech Insurance Energy & Utilities Sustainability & ESG

Frequently asked questions

How does DORA apply in Brazil?

DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.

Who enforces DORA in Brazil?

National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)

What are the penalties for DORA non-compliance?

Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.

Read our complete DORA compliance guide

DORA in other jurisdictions

🇪🇺European Union 🇫🇷France 🇩🇪Germany 🇬🇧United Kingdom 🇺🇸United States 🇦🇺Australia 🇮🇳India

Check your DORA compliance now

Run a free scan to see your risk score and applicable obligations.

Run a Free Scan