This study aims to describe and understand the reality of Brazilian organizations in terms of compliance with the General Law on the Protection of Personal Data (LGPD).Such an approach is justified by the regulations established by the Brazilian State for the manipulation, processing and storage of personal data by organizations.In this sense, the capacity of organizations to meet the regulatory frameworks established by the LGPD (Law No. 13.709/2018) is discussed.In order to achieve the proposed intent, the study is based on NBR ISO/IEC 27001, NBR ISO/IEC 27002 and Law No. 13.709/2018.