A Brazilian law similar to the GDPR that applies to data processing taking place in Brazil or targeting its people. Organizations must report incidents within 2 working days. Fines can reach up to 2% of an organization’s revenue, with a limit of 50 million reals per violation. Official text: LEI Nº 13.709, DE 14 DE AGOSTO DE 2018