FAQ item index

Search every question across sub-FAQs

Find the exact question, open the source answer card, and copy a direct link to the anchored sub-FAQ response.

Indexed coverage

30of30items

Across 10 modules • Updated May 9, 2026

Author

Sorena AI

Published

May 9, 2026

Updated

May 9, 2026

Back to sub-FAQs

What should teams do about Legitimate Interest Balancing under the Brazil LGPD?

Which mistakes create risk when handling Legitimate Interest Balancing under the Brazil LGPD?

The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context.

Using an old threshold, deadline, source page, or contract template without checking current source text.
Treating a source-linked exception as a general exemption for every product or data flow.
Publishing notices, controls, or answers that do not match the actual product behavior.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018 - Art. 10

Article 10 is the official LGPD basis for legitimate-interest balancing, including necessity, transparency, and ANPD impact-report requests.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018 - Art. 10 §1º

Necessity language supports limiting legitimate-interest processing to the minimum personal data needed for the stated purpose.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018 - Art. 10 §2º

Transparency language supports documenting notices and review evidence for legitimate-interest balancing.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018 - Art. 10 §3º

ANPD impact-report language supports retaining a balancing record and escalation path for legitimate-interest processing.

Jump to answer Open module

What should teams do about Ripd And DPIA under the Brazil LGPD?

Teams should treat Ripd And DPIA under the Brazil LGPD as a source-linked operating decision: confirm whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger.

The safest first step is to identify the controller/operator role, purpose, lawful basis, data category, data-subject right, transfer, or incident trigger before assigning the LGPD action.

Write the Ripd And DPIA decision in one sentence before drafting controls.
Attach the external source URL and a short source quote to the evidence record.
Route unclear cases to legal, privacy, security, or compliance review before launch.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Primary LGPD source for RIPD/DPIA records, controller accountability, lawful basis, data-subject rights, security duties, and ANPD authority requests.

PORTARIA ANPD N° 35, DE 4 DE NOVEMBRO DE 2022

ANPD agenda source for tracking regulatory priorities that affect RIPD/DPIA implementation and evidence planning.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD sanctions regulation source for enforcement exposure, corrective action, and compliance evidence planning.

Jump to answer Open module

What should teams do about Ripd And DPIA under the Brazil LGPD?

What evidence should teams keep for Ripd And DPIA under the Brazil LGPD?

Useful evidence is not just a privacy notice. Keep the source, role map, lawful-basis note, rights log, transfer analysis, incident assessment, DPO review, and approval trail together.

Source URL and quote used for the decision.
Scope notes, screenshots, data-flow or system references, and role mapping.
Implementation ticket, approval record, exception notes, and review date.

Citations

PORTARIA ANPD N° 35, DE 4 DE NOVEMBRO DE 2022

ANPD agenda source for tracking regulatory priorities that affect RIPD/DPIA implementation and evidence planning.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD sanctions regulation source for enforcement exposure, corrective action, and compliance evidence planning.

Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte

ANPD guidance source for practical administrative and technical security measures that support LGPD evidence and control design.

Jump to answer Open module

What should teams do about Ripd And DPIA under the Brazil LGPD?

Which mistakes create risk when handling Ripd And DPIA under the Brazil LGPD?

The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context.

Using an old threshold, deadline, source page, or contract template without checking current source text.
Treating a source-linked exception as a general exemption for every product or data flow.
Publishing notices, controls, or answers that do not match the actual product behavior.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Primary LGPD source for RIPD/DPIA records, controller accountability, lawful basis, data-subject rights, security duties, and ANPD authority requests.

PORTARIA ANPD N° 35, DE 4 DE NOVEMBRO DE 2022

ANPD agenda source for tracking regulatory priorities that affect RIPD/DPIA implementation and evidence planning.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD sanctions regulation source for enforcement exposure, corrective action, and compliance evidence planning.

Guia Orientativo sobre Segurança da Informação para Agentes de Tratamento de Pequeno Porte

ANPD guidance source for practical administrative and technical security measures that support LGPD evidence and control design.

Jump to answer Open module

What should teams do about Sanctions Methodology under the Brazil LGPD?

How should teams prepare for ANPD sanctions decisions under the Brazil LGPD?

Teams should treat Sanctions Methodology under the Brazil LGPD as a source-linked operating decision: confirm whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger.

The safest first step is to identify the controller/operator role, purpose, lawful basis, data category, data-subject right, transfer, or incident trigger before assigning the LGPD action.

Write the Sanctions Methodology decision in one sentence before drafting controls.
Attach the external source URL and a short source quote to the evidence record.
Route unclear cases to legal, privacy, security, or compliance review before launch.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Official LGPD text used to connect sanctions methodology to the Article 52 administrative-sanctions framework and related ANPD authority.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD dosimetry regulation used to support sanctions-methodology decisions, fine calculation evidence, and enforcement-risk review.

Jump to answer Open module

What should teams do about Sanctions Methodology under the Brazil LGPD?

What evidence should teams keep for Sanctions Methodology under the Brazil LGPD?

Useful evidence is not just a privacy notice. Keep the source, role map, lawful-basis note, rights log, transfer analysis, incident assessment, DPO review, and approval trail together.

Source URL and quote used for the decision.
Scope notes, screenshots, data-flow or system references, and role mapping.
Implementation ticket, approval record, exception notes, and review date.

Citations

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD dosimetry regulation used to support sanctions-methodology decisions, fine calculation evidence, and enforcement-risk review.

RESOLUÇÃO CD/ANPD Nº 1, DE 28 DE OUTUBRO DE 2021

ANPD inspection regulation used to connect source-linked decisions to preventive, monitoring, and enforcement review records.

Jump to answer Open module

What should teams do about Sanctions Methodology under the Brazil LGPD?

Which mistakes create risk when handling Sanctions Methodology under the Brazil LGPD?

The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context.

Using an old threshold, deadline, source page, or contract template without checking current source text.
Treating a source-linked exception as a general exemption for every product or data flow.
Publishing notices, controls, or answers that do not match the actual product behavior.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Official LGPD text used to connect sanctions methodology to the Article 52 administrative-sanctions framework and related ANPD authority.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

ANPD dosimetry regulation used to support sanctions-methodology decisions, fine calculation evidence, and enforcement-risk review.

RESOLUÇÃO CD/ANPD Nº 1, DE 28 DE OUTUBRO DE 2021

ANPD inspection regulation used to connect source-linked decisions to preventive, monitoring, and enforcement review records.

Jump to answer Open module

What should teams do about Small Processing Agents under the Brazil LGPD?

Teams should treat Small Processing Agents under the Brazil LGPD as a source-linked operating decision: confirm whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger.

The safest first step is to identify the controller/operator role, purpose, lawful basis, data category, data-subject right, transfer, or incident trigger before assigning the LGPD action.

Write the Small Processing Agents decision in one sentence before drafting controls.
Attach the external source URL and a short source quote to the evidence record.
Route unclear cases to legal, privacy, security, or compliance review before launch.

Citations

Resolução CD/ANPD nº 2, de 27 de janeiro de 2022

ANPD small-processing-agent regulation used to identify which organizations qualify and which LGPD adaptations apply.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Official LGPD authority provision supporting ANPD rules for differentiated treatment of small processing agents.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

Evidence support for the FAQ answer.

Jump to answer Open module

What should teams do about Small Processing Agents under the Brazil LGPD?

What evidence should teams keep for Small Processing Agents under the Brazil LGPD?

Useful evidence is not just a privacy notice. Keep the source, role map, lawful-basis note, rights log, transfer analysis, incident assessment, DPO review, and approval trail together.

Source URL and quote used for the decision.
Scope notes, screenshots, data-flow or system references, and role mapping.
Implementation ticket, approval record, exception notes, and review date.

Citations

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Official LGPD authority provision supporting ANPD rules for differentiated treatment of small processing agents.

Resolução CD/ANPD nº 2, de 27 de janeiro de 2022

ANPD small-processing-agent regulation used to identify which organizations qualify and which LGPD adaptations apply.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

Evidence support for the FAQ answer.

Jump to answer Open module

What should teams do about Small Processing Agents under the Brazil LGPD?

Which mistakes create risk when handling Small Processing Agents under the Brazil LGPD?

The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context.

Using an old threshold, deadline, source page, or contract template without checking current source text.
Treating a source-linked exception as a general exemption for every product or data flow.
Publishing notices, controls, or answers that do not match the actual product behavior.

Citations

Resolução CD/ANPD nº 2, de 27 de janeiro de 2022

ANPD small-processing-agent regulation used to identify which organizations qualify and which LGPD adaptations apply.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Official LGPD authority provision supporting ANPD rules for differentiated treatment of small processing agents.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

Risk and boundary support for the FAQ answer.

Jump to answer Open module

Page 2 of 2

Previous12Next