Deadlines and Compliance Calendar decisions under the Brazil LGPD should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.
Use this section to define scope, owner, evidence inputs, and the review outcome before execution.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page turns LGPD obligations into a practical calendar: publication on 14 August 2018, rights-response deadlines such as the 15-day window in Art. 19, and the effective dates for sanctions and ANPD governance provisions in Art. 65.
Start by deciding whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point.
For a working calendar, anchor the date to the rule: 14 August 2018 for publication, 1 August 2021 for Arts. 52 to 54, 28 December 2018 for the ANPD governance provisions listed in Art. 65, and up to 15 days to answer a confirmation-of-existence or access request under Art. 19.
Ownership should sit with the team that controls the processing purpose, data-subject channel, vendor relationship, transfer mechanism, security incident response, or ANPD communication.
Evidence should show controller/operator mapping, lawful basis, transparency notice, rights response, transfer analysis, incident decision, DPO involvement, and ANPD remediation record where applicable.
Most LGPD mistakes happen at the boundary between controller and operator duties, consent and other lawful bases, academic or public-interest processing, international transfers, and incident notification thresholds.
Apply this section before approving a processing activity, vendor arrangement, transfer, rights workflow, child-data handling, or incident response under LGPD. If evidence is missing, block progression and raise a review task.
Use an LGPD workflow that captures role, purpose, lawful basis, data category, data-subject right, transfer or incident trigger, DPO review, evidence, and review date.
The output should be a lawful-basis memo, role map, privacy notice update, DSAR record, transfer note, incident assessment, or ANPD response pack.
This artifact page provides practical inputs, owner roles, required outputs, and evidence checkpoints for deadlines and compliance calendar.
Turn Deadlines and Compliance Calendar into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with operational practice.
"a comunicação à ANPD e ao(s) titular(es) deverá ser realizada pelo controlador no prazo de três (3) dias úteis"
"medidas de segurança da informação para agentes de tratamento de pequeno porte"
"tratamento de dados pessoais para fins acadêmicos"
"O controlador deverá comunicar à autoridade nacional e ao titular a ocorrência de incidente de segurança que possa acarretar risco ou dano relevante aos titulares."
"O controlador deverá comunicar à autoridade nacional e ao titular a ocorrência de incidente de segurança que possa acarretar risco ou dano relevante aos titulares."
"Esta Resolução aprova o Regulamento de Dosimetria e Aplicação de Sanções Administrativas."
"Esta Resolução aprova o Regulamento de Dosimetria e Aplicação de Sanções Administrativas."