ChecklistAudit Ready Controls

Brazil LGPD Checklist

Use the checklist to test whether the program can actually operate under scrutiny.

Each line should end in a named owner, current evidence, and a clear pass or fail state.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

A useful LGPD checklist checks operational proof, not only document existence. The control should point to the article or ANPD expectation, the evidence location, and the person who can explain how it works today.

Section 1

Scope and governance checklist

Start with the controls that explain why the organization believes LGPD applies and who is accountable for which processing decisions.

  • Article 3 and 4 scope memo exists and is current
  • Controller, operator, and suboperator roles are mapped by processing activity
  • DPO appointment is formalized and contact details are published
  • Processing records exist, especially for legitimate-interest processing
Recommended next step

Turn Brazil LGPD Checklist into an operational assessment

Assessment Autopilot can take Brazil LGPD Checklist from turning this checklist into an operational workflow to a reusable workflow inside Sorena. Teams working on Brazil LGPD can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Assessment workflow
Open Assessment Autopilot for Brazil LGPD Checklist

Start from Brazil LGPD Checklist and turn the guidance into owned tasks, evidence requests, and review checkpoints.

Explore next step
Talk to Sorena
Talk through Brazil LGPD

Review your current process, evidence gaps, and next steps for Brazil LGPD Checklist.

Explore next step
Section 2

Lawful basis and transparency checklist

The lawful basis register and the external notices need to stay aligned when products, vendors, or purposes change.

  • Every purpose has a recorded Article 7 or 11 basis
  • Consent proof exists where consent is used and withdrawal is easy
  • Legitimate-interest cases have a retained balancing record
  • Children and adolescents processing has a documented best-interest assessment
Section 3

Rights, incident, and transfer checklist

These are the domains that create the most visible regulator and complaint risk when they fail.

  • Rights workflow supports immediate simplified responses and the 15 day complete declaration path
  • Incident workflow supports the 3 business day notification clock and the 20 business day complement path
  • Transfer register exists with mechanism, country, contract, and disclosure status
  • Shared-use corrections, deletions, anonymization, and blocking notifications are tracked
Section 4

Evidence and sanctions checklist

Article 52 and the ANPD dosimetry rule make good-faith prevention and prompt corrective action legally relevant.

  • Control testing is scheduled and results are retained
  • Exceptions and remediation items have owners and due dates
  • Incident, rights, and transfer evidence is current and easy to retrieve
  • Management review records show cooperation, corrective action, and governance follow-through
Primary sources

References and citations

Related guides

Explore more topics

ANPD Enforcement and Fines | Brazil LGPD Inspection, Procedure, and Sanctions
Grounded ANPD enforcement guide covering inspection procedure, sanctions progression, Article 52 factors, Resolution CD ANPD No.
Brazil LGPD Applicability Test | Article 3 Scope, Article 4 Exclusions, Roles
Grounded Brazil LGPD applicability test covering Article 3 territorial reach, Article 4 exclusions, controller versus operator allocation.
Brazil LGPD Compliance Program Guide
Build a grounded Brazil LGPD compliance program around scope, lawful bases, rights, records, incident reporting, transfers, DPO, and ANPD-ready evidence.
Brazil LGPD Data Subject Rights | Articles 18 to 20 and 15 Day Access Rule
Grounded Brazil LGPD rights guide covering Articles 18 to 20, free requests, immediate simplified confirmation, full access declaration within 15 days.
Brazil LGPD Deadlines and Compliance Calendar
Brazil LGPD compliance calendar covering key legal and ANPD milestones plus recurring duties for rights, incidents, transfers, training.
Brazil LGPD DSAR Response Template | Immediate and 15 Day Response Logic
Use a Brazil LGPD DSAR response template aligned to Articles 18 and 19, immediate simplified response, full declaration within 15 days, denial rationale.
Brazil LGPD FAQ | Scope, Rights, Incidents, Transfers, Enforcement
Practical Brazil LGPD FAQ answering common scope, lawful basis, rights, incident, transfer, DPO, and enforcement questions using the law and ANPD guidance.
Brazil LGPD Incident Reporting and Breach Notification
Grounded Brazil LGPD incident reporting guide covering Article 48, ANPD Resolution CD ANPD No.
Brazil LGPD International Transfers | Articles 33 to 35 and ANPD Transfer Mechanisms
Grounded Brazil LGPD transfer guide covering Articles 33 to 35, adequacy, ANPD standard contractual clauses, specific clauses, binding corporate rules.
Brazil LGPD Lawful Bases | Article 7, Article 11, Legitimate Interest
Grounded Brazil LGPD lawful basis guide covering Article 7 and 11 bases, consent rules, ANPD legitimate interest guide, sensitive data.
Brazil LGPD Penalties and Fines | Article 52 and ANPD Dosimetry
Grounded Brazil LGPD penalties guide covering Article 52 sanctions, 2 percent fine cap, R$50 million limit per infraction, publicization, blocking, deletion.
Brazil LGPD Requirements | Articles, Controls, Evidence, and ANPD Guidance
Operational Brazil LGPD requirements map covering scope, lawful bases, transparency, rights, records, DPO, security, incidents, transfers.
Brazil LGPD Templates | DSAR, Incident, Basis, Transfer, Governance
Practical Brazil LGPD template library priorities covering DSAR responses, incident communications, lawful basis records, transfer assessments.
Brazil LGPD vs CCPA and CPRA | Structure, Rights, Enforcement, and Reuse
Grounded comparison of Brazil LGPD and CCPA or CPRA covering scope logic, legal basis model, rights timing, cross-border governance, and reusable controls.
Brazil LGPD vs GDPR | Similarities, Differences, and Control Reuse
Grounded comparison of Brazil LGPD and GDPR covering scope, lawful bases, rights timing, DPO rules, transfer mechanisms, incident reporting.