Our Data Protection and Cybersecurity team works with a customer-centric approach, which allows us to provide customized solutions and effective legal strategies to ensure compliance with privacy and data protection laws, minimizing risks related to the processing of personal data.
We offer extensive experience in structuring and monitoring data protection compliance programs, including highly complex projects with multi-jurisdictional impact, in addition to having extensive expertise in the most diverse matters related to the General Data Protection Act (LGPD)
Our services include:
Legal advice on projects to adapt to the General Data Protection Act
Legal advice on data protection in the development of products and services, including support in structuring privacy by design and privacy by default projects
Structuring of terms of use, privacy policies and other transparency mechanisms about personal data processing activities
Preparation of impact reports on the protection of personal data (RIPD) and evaluations related to treatments based on the legitimate interest of the controller (LIA)
Preparation of memoranda and legal opinions regarding the risks of personal data processing activities and strategies to minimize these risks
Drafting, reviewing, and negotiating personal data processing clauses and agreements with suppliers, customers and other domestic and foreign partners
Preparation and review of binding corporate rules and other mechanisms applicable to international transfers of personal data
Legal advice in meeting requests based on the exercise of rights of holders
Structuring of personal data processing policies and other policies related to compliance and governance of personal data processing
Legal audit related to privacy and protection of personal data aspects in M&A transactions
Preparation of awareness and training materials for employees on matters related to the protection of personal data
Legal advice within the scope of sanctioning administrative proceedings with the National Data Protection Authority (ANPD) and other authorities responsible for supervising and applying sanctions for non-compliance with the LGPD, such as the National Consumer Secretariat – SENACON and the Public Prosecutor’s Office
Structuring of internal processes and security incident response policies and plans aimed at identifying and defining the appropriate stance regarding data subjects, authorities and third parties in the event of security incidents.
