The professionals of this practice have been following the legislative landscape of data protection and privacy in Brazil, including the Internet Framework Law and the more recent General Law of Data Protection (LGPD).

The integrated, multidisciplinary and strategic team works with clients across a variety of sectors, from helping companies that handle data to adapt to the LGPD and other applicable standards – for example, understanding the impact this law has on their business and defining the measures needed to comply with the applicable legal requirements –, through implementing and monitoring data protection programs and best practices (including internal corporate policies, documents and training and creating incident response and remediation procedures), advising on international data transfers and interacting with regulatory and auditing authorities, among others.

Our experience covers:

  • Advising on data protection, privacy and safety tailored to the specifics of different markets.
  • Conducting internal audits and preparing impact reports to identify risks based on the client’s business model and operations, drawing up codes of conduct, internal policies and personalized procedures in line with preexisting internal governance policies, including their continuous performance monitoring.
  • Carrying out training or providing training instructions for employees and line managers at departments involved with processing personal data, as well as carrying out regular performance assessments to ensure compliance with data protection and privacy rules and standards, as well as damage limitation.
  • Drafting, reviewing and adapting data handling privacy policies and terms of use to national requirements. Evaluating, drafting and negotiating contracts that involve the processing of data between clients and controllers, processors and data subjects.
  • Developing and implementing Information Security programs based on ISO 27.001, 27.002, 27.701, BACEN and HIPAA standards.
  • Drafting, reviewing and adapting internal policies, contracts and documents related to information security, such as Information Security Regulation, Remote Work policies, BYOD policies, Security Incident Treatment and Response policies and playbooks, among others.
  • Advising on treatment and response to information security incidents.
  • Advising on the structuring of corporate operations and contracts within the context of privacy legislation and data protection.
  • Consulting on administrative and judicial data protection-related demands.