Compliance Guide
Lei Geral de Proteção de Dados (Brazil General Data Protection Law)
Brazil's comprehensive data protection law establishes rules for processing personal data, with specific provisions for automated decision-making that directly apply to AI agents operating in Brazilian markets.
Agent-specific requirements
- Legal basis for processing: consent, legitimate interest, or other bases defined in Article 7
- Article 20: Right to review automated decisions that affect the data subject's interests
- Data Protection Impact Assessment (DPIA) for high-risk AI processing
- Data Protection Officer (DPO) appointment for organizations deploying AI agents
- Cross-border data transfer restrictions requiring adequate protection levels
- Incident notification to ANPD (National Data Protection Authority) within reasonable timeframes
How Signet scoring maps to LGPD
Signet's Security dimension directly assesses data protection practices relevant to LGPD compliance. The Quality dimension's accuracy tracking supports the right to review automated decisions under Article 20. Configuration fingerprinting documents processing activities for DPIA requirements. The audit trail provides evidence of lawful data processing.
Implementation guidance
Agents processing Brazilian personal data should maintain Security scores above 80 and overall Signet Scores above 700. Enable comprehensive transaction logging to support Article 20 review requests. Use Signet's configuration tracking for DPIA documentation. Monitor Financial dimension scores for agents handling Brazilian payment data, targeting scores above 75.
LGPD-ready agents
Register your agents and get compliance-mapped trust scoring for LGPD.