What is the primary objective of **LGPD**?

**The primary objective of LGPD (Lei Geral de Proteção de Dados Pessoais, Law No. 13.709/2018) is to protect the fundamental rights of freedom, intimacy, and personal data of natural persons through comprehensive regulation of processing activities.** Enacted August 14, 2018, with full enforcement from August 1, 2021, it unifies prior fragmented laws, mandating 10 core principles (Art. 6)—including purpose limitation, necessity, transparency, security, prevention, non-discrimination, and accountability—to ensure ethical data handling by controllers and operators. LGPD grants data subjects rights like access, correction, deletion, portability, and objection to automated decisions (Art. 18), while imposing obligations on entities processing personal or sensitive data (e.g., health, biometrics).

Who is legally or professionally required to comply with **LGPD**?

**All controllers and operators processing personal data of Brazilian residents must comply with LGPD, regardless of company size or location, due to its extraterritorial scope (Art. 3).** This includes any processing in Brazil, targeting Brazilian residents for goods/services, or collecting data therein—impacting global firms in e-commerce, fintech, healthcare, and cloud services. No employee/revenue thresholds apply; public/private entities qualify, with controllers (deciding purposes/means, Art. 5 VI) bearing primary liability and operators (executing instructions, Art. 5 VII) sharing duties. Exemptions (Art. 4) cover non-economic private uses, journalism, and public security.

Does **LGPD** require an external audit or third-party certification?

**LGPD does not mandate external audits or third-party certification, but ANPD may conduct audits and requires controllers to maintain processing records and submit DPIAs on demand (Art. 37, 38).** Operators must adhere to controller instructions with verifiable security measures. ANPD enforces via graduated sanctions, incentivizing voluntary certifications (e.g., ISO 27701) for demonstrating accountability, though records and incident logs (5 years) enable internal/external verification.

How often should an assessment for **LGPD** be performed?

**LGPD assessments, including Records of Processing Activities (RoPAs) and DPIAs for high-risk processing, must be maintained continuously and updated as needed, with annual reviews recommended for ongoing compliance (Art. 37, 38).** ANPD requires incident logs for 5 years and breach notifications within 3 business days (Resolution CD/ANPD No. 15/2024). Quarterly internal audits and risk reassessments align with principles like accountability and prevention.

What are the consequences of non-compliance with **LGPD**?

**Non-compliance with LGPD incurs graduated ANPD sanctions, including fines up to 2% of Brazilian revenue (capped at R$50 million per infraction), data processing suspension (up to 6 months, extendable), and publicity of violations (Art. 52-53).** Factors like gravity, cooperation, and safeguards influence penalties; civil claims for damages (Art. 42) and operational disruptions add risks, applying to B2B/employee data.

Can **LGPD** be mapped to other international frameworks?

**Yes, LGPD maps closely to international frameworks due to shared principles, rights, and structures like purpose limitation, minimization, and data subject rights, enabling hybrid compliance programs.** Its 10 principles and bases align with global standards, though ANPD-specific rules (e.g., SCCs by August 23, 2025 per Resolution 19/2024) require adaptations for transfers and enforcement.

What is the first step to begin implementing **LGPD**?

**The first step to implement LGPD is appointing a Data Protection Officer (DPO) and conducting a comprehensive data mapping to create a Record of Processing Activities (RoPA) (Art. 41, 37).** This identifies flows, legal bases, sensitive data, and risks, securing executive sponsorship for governance, followed by DPIAs for high-risk activities.

What is the primary objective of **PMBOK**?

**The primary objective of PMBOK is to codify generally accepted principles, performance domains, processes, and practices for delivering consistent project value.** The **Project Management Body of Knowledge (PMBOK® Guide)**, maintained by the **Project Management Institute (PMI)**, provides a global standard blending **six core principles** (e.g., focus on value, lead accountably) and **seven performance domains** (e.g., governance, stakeholders, risk) with tailored processes from its process-based legacy (five process groups, ten knowledge areas).

Who is legally or professionally required to comply with **PMBOK**?

**No organizations are legally required to comply with PMBOK, as it is a voluntary global standard, not a regulatory law.** Professional requirements apply to practitioners pursuing **PMI certifications** like **PMP®**, which mandate PMBOK knowledge. Contractually, public-sector bids and client procurements often demand **PMI-compliant methodologies**, while C-suite executives, **PMO directors**, project managers, and sectors like construction, IT, and healthcare adopt it for governance, risk reduction, and value delivery.

Does **PMBOK** require an external audit or third-party certification?

**PMBOK does not require external audits or third-party certification, as it lacks formal certification mechanisms.** Organizations implement it via internal **gap analysis**, **tailoring guides**, and **PMO assurance** (e.g., periodic audits of **Earned Value Management** metrics like **CPI/SPI**). **PMI credentials** (e.g., **PMP®**) involve individual exams, but enterprise adoption relies on self-assessments like **OPM3®** maturity models for **performance domains** and **process groups**.

How often should an assessment for **PMBOK** be performed?

**PMBOK assessments should be performed initially via gap analysis, then periodically through Phase 6 assurance cycles, such as quarterly audits and annual **OPM3®** maturity reviews.** Implementation frameworks recommend **pilot validation** post-Phase 4, followed by **continuous improvement** in Phase 6, using **KPIs** like **Schedule Performance Index (SPI)** trends and risk exposure. Mature organizations conduct **six-month health checks** tied to **performance domains**.

What are the consequences of non-compliance with **PMBOK**?

**Non-compliance with PMBOK risks contractual disqualification, audit findings, project overruns, and reputational damage, though no direct legal penalties exist.** Clients reject non-**PMI-compliant** bids; inadequate **scope**, **cost**, or **risk controls** trigger financial restatements, litigation, and talent attrition. High-profile failures erode brand equity, while missed **Earned Value** baselines increase variance, delaying benefits realization.

Can **PMBOK** be mapped to other international frameworks?

**Yes, PMBOK can be mapped to other international frameworks through its principles, performance domains, and processes.** The Eighth Edition supports convergence with standards like **ISO 21500** via shared **governance**, **tailoring**, and **value delivery**. **OPM3®** dependencies align with maturity models, enabling hybrid integration for **agile**, **predictive**, or sector-specific adaptations while preserving **knowledge areas** like **procurement** and **stakeholder management**.

What is the first step to begin implementing **PMBOK**?

**The first step to implement PMBOK is Phase 0: secure executive alignment and sponsorship via a PMBOK adoption charter.** Establish a cross-functional steering committee (PMO, finance, HR) to define **KPIs** (e.g., % projects on budget) and governance. This frames value delivery and risk reduction before **Phase 1 gap analysis** mapping current processes to **principles** and **domains**.

LGPD vs PMBOK | GRADUM

Standards Comparison

LGPD

Mandatory

2020

Brazil's comprehensive regulation for personal data protection

PMBOK

Voluntary

2021

Global standard for project management practices

Quick Verdict

LGPD mandates data protection for Brazilian residents' info with fines, while PMBOK provides voluntary project management framework for reliable delivery. Companies adopt LGPD for legal compliance, PMBOK for strategic execution and risk reduction.

Data Privacy

LGPD

Lei Geral de Proteção de Dados Pessoais (Law No. 13.709/2018)

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Extraterritorial scope for processors targeting Brazilian residents
10 core principles including prevention and non-discrimination
Data subject rights with anonymization and automated objection
Graduated fines up to 2% Brazilian revenue (R$50M cap)
ANPD-approved SCCs mandatory for cross-border transfers by 2025

Project Management

PMBOK

Project Management Body of Knowledge (PMBOK® Guide)

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Tailoring to project size, complexity, and delivery approach
Principles and performance domains for value delivery
Earned Value Management for cost/schedule control
Hybrid predictive-agile process guidance
Risk registers and stakeholder engagement matrices

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

LGPD Details

What It Is

Lei Geral de Proteção de Dados Pessoais (LGPD), Law No. 13.709/2018, is Brazil's comprehensive data protection regulation enacted in 2018, fully enforced since 2021. It protects personal data of natural persons with extraterritorial scope, applying to processing in Brazil, targeting residents, or collected there. Employs a risk-based approach with 10 principles like purpose limitation, necessity, and accountability.

Key Components

**10 principlesPurpose limitation, adequacy, necessity, transparency, security, prevention, non-discrimination, accountability.
**Data subject rightsAccess, correction, deletion, portability, anonymization, objection to automated decisions.
**10 legal basesConsent, contracts, legitimate interests, sensitive data restrictions.
**GovernanceMandatory DPO for controllers, Records of Processing Activities (RoPAs), DPIAs for high-risk processing.
ANPD enforcement with graduated sanctions including fines.

Why Organizations Use It

Mandatory for compliance, avoiding fines up to 2% Brazilian revenue (R$50M cap).
Builds customer trust, enables market access, reduces breach risks.
Strategic advantages: operational efficiency, innovation via anonymization, competitive edge in Brazil's digital economy.

Implementation Overview

Phased risk-based methodology: governance/DPO appointment, data mapping/RoPAs, policies/DSRs, technical controls, vendor management/SCCs, monitoring/audits. Applies to all organizations processing Brazilian data, no formal certification but ANPD oversight.

PMBOK Details

What It Is

PMBOK® Guide—Project Management Body of Knowledge, authored by Project Management Institute (PMI), is a global framework for project management practices. It provides principles, performance domains, and processes for delivering value through projects, evolving from process groups/knowledge areas to principle-based approaches in recent editions.

Key Components

Six core principles (e.g., value focus, stewardship) and seven performance domains (governance, stakeholders, team, etc.).
Legacy: five process groups, ten knowledge areas, ~49 processes.
Tools like WBS, EVM, risk registers.
Tailoring model; no formal certification for the guide, but aligns with PMP®.

Why Organizations Use It

Enhances predictability, reduces overruns via standardized governance.
Meets contractual/audit needs; boosts reputation.
Enables hybrid agile/predictive delivery; competitive edge in bids.

Implementation Overview

Phased rollout: assessment, tailoring, pilots, training, PMO setup. Suits all sizes/industries; 12-24 months for enterprises. Focuses on change management, tools integration.

Key Differences

Aspect	LGPD	PMBOK
Scope	Personal data protection, processing, rights	Project management principles, processes, governance
Industry	All sectors processing Brazilian data	All industries delivering projects globally
Nature	Mandatory law with ANPD enforcement	Voluntary standard and best practices guide
Testing	DPIAs for high-risk, ANPD audits	Internal audits, maturity assessments, pilots
Penalties	Fines up to 2% Brazilian revenue	No legal penalties, reputational risks

Scope

LGPD

Personal data protection, processing, rights

PMBOK

Project management principles, processes, governance

Industry

LGPD

All sectors processing Brazilian data

PMBOK

All industries delivering projects globally

Nature

LGPD

Mandatory law with ANPD enforcement

PMBOK

Voluntary standard and best practices guide

Testing

LGPD

DPIAs for high-risk, ANPD audits

PMBOK

Internal audits, maturity assessments, pilots

Penalties

LGPD

Fines up to 2% Brazilian revenue

PMBOK

No legal penalties, reputational risks

Frequently Asked Questions

Common questions about LGPD and PMBOK

LGPD FAQ

PMBOK FAQ

You Might also be Interested in These Articles...

The Tool Landscape for Reaching and Maintaining ISO 27701 Compliance

Discover the top tools for ISO 27701 compliance. Compare functionality, complexity, costs, and benefits to choose the best solution for your privacy program. Ac

SOC 2 Trust Services Criteria in Plain English: Side-by-Side Decoder with Real-World Analogies

Decode SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) into plain English with tables, TL;DRs & analogies

Why the SEC Stepped In: The Investor-Driven Push for Cybersecurity Transparency

Discover why the SEC's 2023 cybersecurity rules treat cyber risks as material financial threats. Explore the 'stick and carrot' approach for standardized disclo

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

EN 1090 vs NERC CIP

Compare EN 1090 vs NERC CIP: EU steel/aluminum standards for CE marking & execution classes vs US grid cybersecurity. Unlock compliance insights for global ops. Read now!

SAFe vs GMP

SAFe vs GMP: Scale agile enterprise-wide with SAFe's Lean-Agile framework or ensure pharma compliance via GMP standards. Compare benefits, configs & pitfalls—boost agility now!

COBIT vs ISO 22000

Compare COBIT vs ISO 22000: IT governance framework meets food safety standard. Uncover differences, strengths & ideal use cases for compliance success. Choose wisely now!

LGPD

PMBOK

Quick Verdict

LGPD

Key Features

PMBOK

Key Features

Detailed Analysis

LGPD Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

PMBOK Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

LGPD FAQ

What is the primary objective of LGPD?

Who is legally or professionally required to comply with LGPD?

Does LGPD require an external audit or third-party certification?

How often should an assessment for LGPD be performed?

What are the consequences of non-compliance with LGPD?

Can LGPD be mapped to other international frameworks?

What is the first step to begin implementing LGPD?

PMBOK FAQ

What is the primary objective of PMBOK?

Who is legally or professionally required to comply with PMBOK?

Does PMBOK require an external audit or third-party certification?

How often should an assessment for PMBOK be performed?

What are the consequences of non-compliance with PMBOK?

Can PMBOK be mapped to other international frameworks?

What is the first step to begin implementing PMBOK?

You Might also be Interested in These Articles...

The Tool Landscape for Reaching and Maintaining ISO 27701 Compliance

SOC 2 Trust Services Criteria in Plain English: Side-by-Side Decoder with Real-World Analogies

Why the SEC Stepped In: The Investor-Driven Push for Cybersecurity Transparency

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

EN 1090 vs NERC CIP

SAFe vs GMP

COBIT vs ISO 22000