LGPD Copilot
Navigate Brazil's Lei Geral de Proteção de Dados and ANPD expectations with confidence
What the LGPD Copilot Can Do
Select a valid legal basis among the art. 7 hypotheses, and the narrower art. 11 bases for sensitive data
Appoint and document the role of the encarregado (DPO) per art. 41 and ANPD guidance
Prepare data subject rights responses under art. 18 within statutory expectations
Build the relatório de impacto à proteção de dados pessoais (data protection impact report)
Map breach communication duties to the ANPD and data subjects under art. 48
Assess international transfer mechanisms under arts. 33-36 against ANPD transfer regulations
About LGPD Copilot
The Lei Geral de Proteção de Dados Pessoais (Lei nº 13.709/2018, LGPD) is Brazil's comprehensive data protection statute, in force since September 2020 with administrative sanctions enforceable since August 2021. It applies to any processing of personal data carried out in Brazil or aimed at individuals located in Brazil, regardless of the controller's place of establishment. LGPD Copilot helps controllers and operators understand the Act's structure, identify a valid legal basis among the ten hypotheses in art. 7 (and the specific bases for sensitive data in art. 11), and map their obligations to the supervisory authority's expectations. The Autoridade Nacional de Proteção de Dados (ANPD) is the competent supervisory authority, issuing regulations on topics such as data breach communication, the role of the encarregado (DPO), and dosimetry of sanctions. The Copilot supports data subject rights handling under art. 18, records of processing activities, the data protection impact report (relatório de impacto à proteção de dados pessoais), and international transfer mechanisms under arts. 33-36.
Frequently Asked Questions
What is the LGPD?
The LGPD is the Lei Geral de Proteção de Dados Pessoais, Lei nº 13.709/2018, Brazil's general personal data protection law. It establishes principles, legal bases for processing (arts. 7 and 11), data subject rights (art. 18), and obligations for controllers and operators. The Autoridade Nacional de Proteção de Dados (ANPD) is the supervisory authority responsible for enforcement, regulation, and guidance.
How does the LGPD Copilot help?
LGPD Copilot helps you interpret the Act's legal bases, distinguish controller and operator responsibilities, document the encarregado role under art. 41, draft a data protection impact report, and handle data subject requests under art. 18. It also helps you reason about breach communication to the ANPD under art. 48 and international transfer mechanisms under arts. 33-36, always framed as advisory documentation support rather than certification.
How does LGPD differ from GDPR?
LGPD is closely modelled on the GDPR but is not identical. It lists ten legal bases in art. 7 (and separate sensitive-data bases in art. 11) rather than the GDPR's six, uses the terms controller (controlador) and operator (operador) instead of controller and processor, and is enforced by the ANPD under a sanctions regime in arts. 52-54 with fines capped at 2% of the group's Brazilian turnover, limited to R$50 million per infraction, distinct from the GDPR's turnover-percentage tiers.
Ready to do compliance work faster?
Built for speed, accuracy, and audit-ready output.