Compliance & privacy

Real compliance, operated by people who know it.

LGPD, GDPR, SOC 2 and ISO 27001 without you becoming an expert. FM gets your company compliant and keeps it that way, day to day, run by specialists certified in governance and security. You don't study the rules, we operate them.

  • Free Compliance Check
  • We operate, we don't lecture you
  • Outsourced DPO is allowed
The cost of ignoring it

Putting it off doesn't save money. It just grows the bill.

Almost no one acts out of conviction. They act when the problem has already knocked: a customer complaint, an audit, a breach. And by then what was cheap to fix before has become far too expensive.

01 · The fine gives no warning

Brazil's LGPD allows fines up to 2% of revenue, capped at R$ 50 million. And it's per violation, not in total: each slip counts on its own and the total adds up fast.

02 · GDPR ignores borders

A single customer in Europe is enough for it to apply to you. The fine reaches 4% of global revenue or 20 million euros, whichever is higher. Being based elsewhere does not put you out of reach.

03 · The breach is the most expensive part

The fine is only what shows. An incident brings investigation, mandatory notification, a customer who sues, a contract that falls through and a reputation that takes years to rebuild.

Compliance is not an expense, it is protection. Getting compliant beforehand costs a fraction of putting out the fire after it has started.

What we do

Four fronts, from diagnosis to operation.

You choose where to start. We run each one end to end.

Diagnosis · Free

Compliance Check

A 30-minute first analysis to map where your company is exposed on privacy and security, and what's a priority. Free and with no commitment.

Compliance

LGPD/GDPR implementation

We get your company compliant: policies, legal basis, data flow, consent, data-subject rights and incident response. Implemented, not just recommended.

Certification

SOC 2 / ISO 27001 readiness

We prepare your operation for a SOC 2 or ISO 27001 audit: controls, evidence and processes ready to pass, no surprises when the auditor shows up.

Ongoing operation

DPO-as-a-Service

FM acts as your outsourced Data Protection Officer: monitors, responds to data subjects and the authority, and keeps compliance alive. The law allows outsourcing this role.

Why FM

Who operates your compliance matters.

FM is AI-native: we don't hand you a manual and disappear, we operate compliance for you, with technology that keeps everything monitored and auditable. You follow along, without becoming an expert in the rules.

We choose our clients and take on a few per month, with excellence. Compliance done in a rush protects no one, so we prefer quality over volume.

Michelle G. Andrade
Governance, compliance and cybersecurity

  • Co-founder of FM Solutions
  • Specialist in GRC and cybersecurity
  • ISACA and PMI member

How it works

From Compliance Check to implementation, transparently.

It starts with a free diagnosis and goes all the way to running your compliance day to day. Each step is clear and you follow it from start to finish.

Step 1 · Compliance Check

We understand your operation and map where you are exposed and what's a priority. Free and with no commitment.

Step 2 · Compliance roadmap

We turn the diagnosis into a clear roadmap: what to fix, which controls to implement, scope and timeline. You approve before we start.

Step 3 · Implementation

We put the policies, processes and technical controls in place, with documentation and training for your team. Compliance that works in practice, not just on paper.

Step 4 · Audit and ongoing operation

We prepare your company for a SOC 2 or ISO 27001 audit when it applies, and run compliance day to day: DPO-as-a-Service, monitoring and response to incidents and to the regulator.

FAQ

Before you start.

What is data protection law and why should my company care?
Privacy laws like Brazil's LGPD and Europe's GDPR define how every company can collect, store and use personal data from customers, employees and suppliers. If you hold someone's name, phone, email or ID, you process personal data and the law applies. It is not red tape: it is what protects your company from fines, lawsuits and losing customer trust.
My company is small. Does the law apply to me too?
Yes. These laws have no exemption by size: they apply to freelancers, sole proprietors, small and large companies alike. What changes is the proportion of the requirements, not the obligation itself. Micro businesses get a simplified regime, but still need to be compliant.
Am I processing personal data without realizing it?
Almost certainly yes. A customer list in a spreadsheet, a WhatsApp conversation, an email list, a job applicant's resume, an employee file, a security camera: all of that is processing of personal data. Most companies are exposed without knowing it, which is why the diagnosis is the first step.
I already use secure tools like Google and Microsoft. Doesn't that make me compliant?
No. The tool's security protects the infrastructure, but compliance is about what you do with the data: on what basis you collect it, how long you keep it, who has access and how you respond when a customer asks to be deleted. Using a good provider helps, but it does not replace having your own policies, processes and controls.
What happens if I don't comply?
Regulators can fine you a percentage of revenue (up to 2% under LGPD, capped at R$ 50 million per infraction, and up to 4% of global revenue under GDPR), plus warnings, data blocking and even a ban on processing data. And then the priceless part: an exposed leak, a customer who sues, trust that does not come back. Getting compliant costs far less than the risk.
Do I need to worry about GDPR if I serve clients in Europe?
Yes. If you offer products or services to people in the European Union, or monitor their behavior, GDPR applies even if your company is based elsewhere. And the fines are larger: up to 4% of global revenue. If you sell or serve abroad, this is on your radar.
Where do I start?
With the free Compliance Check. In a 30-minute conversation we understand your operation, map where you are exposed and show you what's a priority. You walk away knowing the real size of your risk, with no commitment and no cost.
How much does it cost to get compliant?
It depends on the scope, which comes out of the free Compliance Check. Compliance projects usually start between US$ 3,000 and US$ 7,000, varying with company size and the complexity of the data you handle. You only decide after seeing the plan and the investment in writing.
How long until I'm compliant?
An initial privacy compliance project usually takes 4 to 8 weeks. SOC 2 or ISO 27001 readiness takes longer, depending on your current maturity. The Check gives you the real timeline for your case.
What are SOC 2 and ISO 27001, and do I need them?
They are globally recognized information security certifications. You need them when a large customer, an investor or a contract requires proof that your company protects the data it receives. If no one has asked yet, it may just be a matter of time, and we prepare you for that moment.
Are you lawyers?
No. We are the compliance operation: we implement and maintain the technical controls and processes day to day. The legal side stays with your lawyer, and we work alongside them when needed.
What is a DPO and can the role be outsourced?
The DPO (Data Protection Officer) is the person responsible for looking after data privacy in the company and dealing with regulators and data subjects. Privacy law allows this role to be outsourced to a specialized company or firm instead of hiring someone in-house. That is exactly our DPO-as-a-Service.
Start at no cost

Find out where you are exposed. For free.

The Compliance Check is free and with no commitment. You leave it knowing where your company is vulnerable and what the next step is.