Personal Data Protection

Alongside technological advancements, a new form of economy has emerged, entirely based on various types of personal data, with many users and companies often unaware of this reality.

In Brazil, data protection currently occurs as a reflection of the protection of privacy and intimacy, provided as fundamental rights and guarantees in the Federal Constitution; personality rights in the Civil Code; in the context of consumer, banking, and credit relations, under the Consumer Protection Code, Banking Secrecy Law, and Positive Registration Law; concerning communications, under the Telecommunications Law; as a guiding principle in the discipline of internet use in Brazil, and as a right of internet users, as established by the Civil Rights Framework for the Internet and its regulatory decree, without prejudice to other regulations.

Internationally, the approval of the European General Data Protection Regulation (GDPR) stands out, bringing data protection into the spotlight, notably due to the extraterritorial effects of the new regulation.

However, in August 2018, Law No. 13,709/18 was enacted, known as the General Data Protection Law (LGPD), as it provides a uniform protection regime for all data processing operations, empowering data subjects as the true “owners” of their data. Therefore, public and private entities that process personal data in Brazil or offer goods or services to individuals in the national territory must comply with the new regulations, as expressly stated in the new law.

As a result, significant challenges arise, such as mapping the correct legal basis for data processing, harmonizing the LGPD with other guidelines, including for facilitating the operations desired by the company.

The LGPD is already in force, allowing it to be used as a legal source for judicial and administrative proceedings and for responding to data subjects’ requests. Administrative sanctions related to personal data protection can be applied by the National Data Protection Authority (ANPD). Although the ANPD’s authority prevails over other entities or public bodies, these can apply other penalties according to their competencies and within the limits of applicable laws.

We also highlight that the LGPD compliance project adds value to the business and the brand, while reducing the inherent risks of business activities due to enhanced information security and employee awareness.

Our services include:

  • Review of Data Mapping (Registration of Personal Data Processing Operations)
  • Review/Preparation of Terms of Use
  • Review/Preparation of Privacy Notice
  • Preparation of Internal Personal Data Protection Policy
  • Preparation of Acknowledgment and Transparency Term
  • Review of Employment Contract
  • Review/Preparation of Information Security Policy
  • Review/Preparation of Home Office Policy
  • Preparation of Privacy by Design Policy
  • Drafting and reviewing necessary business contracts
  • Participation in meetings involving data protection matters
  • Drafting Legal Analyses and Opinions
  • Assistance to the Data Protection Officer (DPO)
  • Drafting Responses to Official Inquiries
  • Preparation of Incident Response Policy
  • Preparation of Data Subjects’ Rights Policy
  • Preparation of Cookie Policy
  • Structure of the Data Protection Impact Assessment (DPIA)
  • Preparation of Privacy and Data Protection Governance Policy
  • Structure of the Legitimate Interest Assessment (LIA)
  • Evaluation of Legitimate Interest; Preparation of Data Processing Agreement (DPA)
  • Specialized legal support to the DPO for executing the Privacy Program activities
    DPO “As a Service”
  • Interaction with Regulatory Bodies – ANPD, SENACON, PROCON, IDEC, among others
    Incident Management