PHPackages lumensistemas/lgpd-laravel - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. lumensistemas/lgpd-laravel ActiveLibrary lumensistemas/lgpd-laravel ========================== A Laravel package for LGPD (Lei Geral de Proteção de Dados) compliance. 1.0.0(1mo ago)00MITPHPPHP ^8.4CI passing Since Mar 28Pushed 1mo agoCompare [ Source](https://github.com/lumensistemas/lgpd-laravel)[ Packagist](https://packagist.org/packages/lumensistemas/lgpd-laravel)[ Docs](https://github.com/lumensistemas/lgpd-laravel)[ GitHub Sponsors](https://github.com/lumensistemas)[ RSS](/packages/lumensistemas-lgpd-laravel/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (8)Versions (2)Used By (0) LGPD Laravel ============ [](#lgpd-laravel) [![Latest Version on Packagist](https://camo.githubusercontent.com/b045b403fb440977245868b51bf8a9b4cda9bd88867f3d9c12c3e04858be2922/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c756d656e73697374656d61732f6c6770642d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/lumensistemas/lgpd-laravel)[![Tests](https://camo.githubusercontent.com/ab32ef8727577a523f70675b4ea803b02df1fcd16542537d44e49688edf4fa8b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6c756d656e73697374656d61732f6c6770642d6c61726176656c2f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/lumensistemas/lgpd-laravel/actions/workflows/run-tests.yml)[![Total Downloads](https://camo.githubusercontent.com/a6387c6eb6fe158dc3bc7e2ad12b0fa3fa82797db6afc91eb9df57a6a9ae10af/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6c756d656e73697374656d61732f6c6770642d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/lumensistemas/lgpd-laravel) A Laravel package for LGPD (Lei Geral de Proteção de Dados) compliance. Provides models, enums, and migrations for managing data subjects, consent tracking, and processing activity records as required by Brazilian data protection law. Installation ------------ [](#installation) You can install the package via composer: ``` composer require lumensistemas/lgpd-laravel ``` Publish the config file: ``` php artisan vendor:publish --tag=lgpd-config ``` Publish the migrations (optional, for customization): ``` php artisan vendor:publish --tag=lgpd-migrations ``` Publish the language files (optional): ``` php artisan vendor:publish --tag=lgpd-lang ``` Run the migrations: ``` php artisan migrate ``` Usage ----- [](#usage) ### Data Subjects [](#data-subjects) The `DataSubject` model is the central reference point for all personal data associated with an individual. The `document_hash` field uses blind indexing for searchable encryption. ``` use LumenSistemas\Lgpd\Models\DataSubject; $subject = DataSubject::create([ 'document_hash' => $cpf, ]); ``` ### Consent Tracking (Art. 8) [](#consent-tracking-art-8) Track consent grants and revocations. Consent must be free, informed, and unambiguous under the LGPD. ``` use LumenSistemas\Lgpd\Models\Consent; use LumenSistemas\Lgpd\Enums\LegalBasis; $consent = Consent::create([ 'data_subject_id' => $subject->id, 'purpose' => 'Send marketing emails', 'legal_basis' => LegalBasis::CONSENT, 'granted_at' => now(), 'ip_address' => request()->ip(), 'user_agent' => request()->userAgent(), ]); // Revoke consent $consent->update(['revoked_at' => now()]); // Query scopes Consent::active()->get(); // granted, not revoked, not expired Consent::revoked()->get(); // revoked consents Consent::expired()->get(); // past expiry date ``` ### Processing Activities Registry (Art. 37) [](#processing-activities-registry-art-37) Maintain a compliance registry of your organization's data processing operations as required by the LGPD. This is a catalog of *what* processing your system does, not a per-event audit log. ``` use LumenSistemas\Lgpd\Models\ProcessingActivity; use LumenSistemas\Lgpd\Enums\LegalBasis; use LumenSistemas\Lgpd\Enums\DataSensitivity; ProcessingActivity::create([ 'activity' => 'user_registration', 'legal_basis' => LegalBasis::CONTRACT, 'sensitivity' => DataSensitivity::PERSONAL, 'purpose' => 'Collect user data to create account', 'data_categories' => ['name', 'email', 'cpf'], 'retention_period' => '5 years', 'processed_at' => now(), ]); ``` ### Data Subject Requests (Art. 18) [](#data-subject-requests-art-18) Track requests from data subjects exercising their rights. Includes query scopes for status filtering and overdue detection (15-day deadline per Art. 18, §3). ``` use LumenSistemas\Lgpd\Models\DataSubjectRequest; use LumenSistemas\Lgpd\Enums\DataSubjectRight; use LumenSistemas\Lgpd\Enums\RequestStatus; // Create a request $request = DataSubjectRequest::create([ 'data_subject_id' => $subject->id, 'right' => DataSubjectRight::ACCESS, 'status' => RequestStatus::PENDING, 'requested_at' => now(), ]); // Update status $request->update([ 'status' => RequestStatus::COMPLETED, 'responded_at' => now(), 'response_notes' => 'Data export sent to customer email.', ]); // Query scopes DataSubjectRequest::pending()->get(); DataSubjectRequest::overdue()->get(); // default 15 days DataSubjectRequest::overdue(30)->get(); // custom deadline ``` ### Personal Data Classification [](#personal-data-classification) Use the `HoldsPersonalData` interface and `HasPersonalData` trait on any model that contains personal data. Declare the sensitivity of each column via `dataClassification()`. ``` use Illuminate\Database\Eloquent\Model; use LumenSistemas\Lgpd\Concerns\HasPersonalData; use LumenSistemas\Lgpd\Contracts\HoldsPersonalData; use LumenSistemas\Lgpd\Enums\DataSensitivity; class User extends Model implements HoldsPersonalData { use HasPersonalData; public function dataClassification(): array { return [ 'name' => DataSensitivity::PERSONAL, 'email' => DataSensitivity::PERSONAL, 'cpf' => DataSensitivity::SENSITIVE, ]; } } ``` ### Anonymization and Masking (Art. 18, IV) [](#anonymization-and-masking-art-18-iv) Add the `Anonymizable` trait for anonymization and display masking capabilities. ``` use LumenSistemas\Lgpd\Concerns\Anonymizable; class User extends Model implements HoldsPersonalData { use HasPersonalData, Anonymizable; // ... } ``` **Anonymize** — permanently replaces classified fields in memory. Does NOT auto-save, so your app controls authorization and logging: ``` $user->anonymize()->save(); $user->isAnonymized(); // true ``` **Mask** — returns masked values for display without modifying the model: ``` $user->masked(); // ['name' => 'L***s', 'email' => 'l***************m', 'cpf' => '1*********0'] $user->masked(['email']); // ['email' => 'l***************m'] ``` Override `anonymizedValue()` or `maskedValue()` for custom strategies per column: ``` protected function maskedValue(string $column, string $value): string { return match ($column) { 'email' => preg_replace('/^(.).*(@.*)$/', '$1***$2', $value) ?? '***', 'cpf' => '***.***.'.mb_substr($value, 6, 3).'-'.mb_substr($value, 9, 2), default => mb_substr($value, 0, 1).'****', }; } ``` ### Enums [](#enums) The package provides enums matching the LGPD articles: **DataSensitivity** — Data classification levels: `PUBLIC`, `INTERNAL`, `PERSONAL`, `SENSITIVE` **LegalBasis (Art. 7)** — Legal bases for data processing: `CONSENT`, `LEGAL_OBLIGATION`, `PUBLIC_ADMINISTRATION`, `RESEARCH`, `CONTRACT`, `LEGAL_PROCEEDINGS`, `LIFE_PROTECTION`, `HEALTH`, `LEGITIMATE_INTEREST`, `CREDIT_PROTECTION` **DataSubjectRight (Art. 18)** — Data subject rights: `ACCESS`, `CORRECTION`, `ANONYMIZATION`, `PORTABILITY`, `DELETION`, `SHARING_INFO`, `CONSENT_INFO`, `CONSENT_REVOCATION`, `OPPOSITION` **RequestStatus** — DSR workflow status: `PENDING`, `IN_PROGRESS`, `COMPLETED`, `DENIED` All enums provide `label()` and `description()` methods with translations in English and Brazilian Portuguese. ``` use LumenSistemas\Lgpd\Enums\LegalBasis; LegalBasis::CONSENT->label(); // "Consent" or "Consentimento" LegalBasis::CONSENT->description(); // Full description with article reference ``` `DataSensitivity::highest()` returns the most sensitive level from a list — useful when determining the overall sensitivity of a set of columns: ``` use LumenSistemas\Lgpd\Enums\DataSensitivity; DataSensitivity::highest([ DataSensitivity::PERSONAL, DataSensitivity::SENSITIVE, ]); // DataSensitivity::SENSITIVE ``` ### Configuration [](#configuration) The config file (`config/lgpd.php`) allows you to: **Multi-tenancy** — Enable tenant isolation with a configurable column name: ``` 'multi_tenancy' => [ 'enabled' => true, 'column' => 'tenant_id', ], ``` **Table names** — Customize table names to avoid conflicts: ``` 'tables' => [ 'data_subjects' => 'data_subjects', 'consents' => 'consents', 'processing_activities' => 'processing_activities', 'data_subject_requests' => 'data_subject_requests', ], ``` **Models** — Swap model implementations with your own: ``` 'models' => [ 'data_subject' => App\Models\CustomDataSubject::class, ], ``` Testing ------- [](#testing) ``` composer test:all ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](https://github.com/lumensistemas/.github/blob/main/CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Lucas Vasconcelos](https://github.com/lucasvscn) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 39 — LowBetter than 86% of packages Maintenance90 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 46d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/dfdf6591a8b2d844569545878fba113e9c8de3d9b9d48f5b25637c6f0353ffbd?d=identicon)[lucasvscn](/maintainers/lucasvscn) --- Top Contributors [![lucasvscn](https://avatars.githubusercontent.com/u/3482569?v=4)](https://github.com/lucasvscn "lucasvscn (17 commits)") --- Tags laravelcomplianceprivacydata protectionlgpdlumensistemaslgpd-laravel ### Code Quality TestsPest Static AnalysisPHPStan, Rector Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/lumensistemas-lgpd-laravel/health.svg) ``` [![Health](https://phpackages.com/badges/lumensistemas-lgpd-laravel/health.svg)](https://phpackages.com/packages/lumensistemas-lgpd-laravel) ``` ### Alternatives [devrabiul/laravel-cookie-consent A GDPR-compliant cookie consent solution for Laravel applications with fully customizable cookie banners, granular consent control, and enterprise-grade compliance features. 17633.8k1](/packages/devrabiul-laravel-cookie-consent) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)