🇧🇷 Live Pharmaceuticals & Life Sciences

Lei Geral de Proteção de Dados Pessoais — LGPD (Law No. 13,709/2018)

Brazil's general data protection law governing the processing of personal data by organisations.

View official source document

Rules extracted

200

Obligations decomposed

10.5x

Avg obligations per rule

🇧🇷 Brazil

Jurisdiction

About this regulation

Brazil's comprehensive data protection law, modeled after the EU GDPR. Enacted in 2018 with enforcement beginning September 2020 (administrative sanctions from August 2021). Establishes 10 legal bases for processing, special rules for sensitive data and children's data, data subject rights, controller/processor obligations, DPO requirements, international transfer mechanisms, the ANPD as supervisory authority, and an administrative sanctions regime with fines up to 2% of annual revenue capped at BRL 50 million per violation. Applies to any processing of personal data carried out in Brazil, or where data was collected in Brazil, or where the processing aims to offer goods/services to individuals in Brazil.

What AuditDSS covers

Source

Regulation

Extracted

Rules

Decomposed

200

Obligations

10.5x

Decomposition ratio

Each rule is decomposed into an average of 10.5 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 200 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in LGPD is scored across independent risk dimensions:

Obligation Weight

How critical within the regulatory framework

Violation Likelihood

How often breached in practice

Enforcement Evidence

Regulator enforcement history and penalties

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title: Lei Geral de Proteção de Dados Pessoais — LGPD (Law No. 13,709/2018)
Regulatory body: Autoridade Nacional de Proteção de Dados
Jurisdiction: 🇧🇷 Brazil
Document type: statute
Effective date: September 18, 2020
Issuing authority: National Congress of Brazil — Autoridade Nacional de Proteção de Dados (ANPD)
Industry: Pharmaceuticals & Life Sciences
Official source: View source document ↗

Who this applies to

controllersprocessorsprocessing agentsDPOs (Encarregados)

Key requirements

10 legal bases for processing
sensitive data special rules
children's data protection
data subject rights (9 rights)
controller/processor obligations
DPO appointment
international transfer mechanisms
breach notification to ANPD
administrative sanctions up to 2% of revenue capped at BRL 50M

Frequently asked questions about LGPD

What is LGPD?

Who does LGPD apply to?

LGPD applies to controllers, processors, processing agents, DPOs (Encarregados).

How many obligations does LGPD contain?

AuditDSS has decomposed LGPD into 200 atomic obligations from 19 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of LGPD?

The key requirements include: 10 legal bases for processing, sensitive data special rules, children's data protection, data subject rights (9 rights), controller/processor obligations, DPO appointment, international transfer mechanisms, breach notification to ANPD, administrative sanctions up to 2% of revenue capped at BRL 50M.

How can I assess my LGPD compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 200 LGPD obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces LGPD?

LGPD is enforced in Brazil by Autoridade Nacional de Proteção de Dados.

When did LGPD come into effect?

LGPD became effective on September 18, 2020.

What industry does LGPD apply to?

LGPD is primarily relevant to the Pharmaceuticals & Life Sciences industry. AuditDSS covers 68 regulations in this industry sector.

Build a LGPD compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for LGPD — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering LGPD requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine LGPD with other regulations into a single unified compliance pack for your business.

Build LGPD compliance pack

Already have a policy? Assess it against LGPD

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

AI maps against 200 obligations

Your document is scored against every obligation in LGPD. Each claim is mapped to the obligation tree and evaluated for coverage.

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.