IDC Names Securiti a Worldwide Leader in Data Privacy


ANPD’s Guidance on Impact Report on the Protection of Personal Data In a Nutshell

This infographic aims to educate you on:

  • Who must prepare an RIPD;
  • Situations that require an RIPD;
  • What to include in an RIPD;
  • Who has regulatory oversight related to the RIPD.


Award-winning technology, built by a proven team, backed by confidence. Learn more.

Per the Brazilian LGPD, all organizations must prepare a Personal Data Protection Impact Report (RIPD) if their data processing activities pose a “high risk” to general principles of protection of personal data. The RIPD contains all the necessary descriptions of processes involved in any organization’s data processing activities. As a result, organizations may easily identify and rectify any processes that endanger their users’ data privacy. 

There is a strict criterion for who must conduct an RIPD, what methodology they must use, what information needs to be included in this report, and who maintains regulatory oversight regarding the RIPD. 

Cultivating a thorough understanding of the ANPD’s Guidance on the RIPD is critical to carrying out the report and complying with all the necessary regulatory obligations associated with it.

ANPD’s Guidance on Impact Report on the Protection of Personal Data In a Nutshell

People Also Ask:

Here are some frequently asked questions users might have:

All data controllers subject to the LGPD must prepare an RIPD if the controller’s data processing poses a “high risk” to general principles of protection of personal data under the LGPD, the civil liberties, and the fundamental rights of the data subjects.  

If any data processing activity meets any one general and one specific criterion, it is considered “high risk”. The general and specific criteria are:
  • General Criteria:
    • Large-scale processing;
    • Processing that can significantly affect the interests and rights of the data subjects.
  • Specific Criteria:
    • Surveillance or control of zone accessible to the public; 
    • Automated processing of personal data;
    • Use of emerging or innovative technologies;
    • Sensitive data or data from children, adolescents, and the elderly.
At a minimum, the RIPD must include the following:
  • Description of the types of personal data collected or processed in any way;
  • The methodology used for the processing and ensuring the security of information; 
  • Analysis of the controller concerning measures, safeguards, and risk mitigation mechanisms adopted.
The infographic goes into great detail about different informational aspects that can be included.

All-in-One Solution For Your Business Needs

The Multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations

Top 7 Employer’s Privacy Obligations

Discover employer privacy obligations in the remote work era. Download our white paper for insights today.

8 Privacy Tips for a Successful Marketer

Explore 8 privacy tips by Securiti experts for ethically collecting personal data in marketing.

The 7 Sins of Data Privacy Management

Find out why following data compliant practices from the experts is important, and learn how to begin protecting data privacy today.