The General Data Protection Law (LGPD), together with international data protection and privacy legislation, has brought significant changes to the global landscape, including new and stringent obligations for companies, new rights for individuals, and enforcement and sanctioning powers for regulators.

One immediate change was the increased awareness in society of the importance of data protection, evidenced by an increase in individuals seeking to exercise their rights under the LGPD and increased activism by privacy groups.

All private companies and public entities that handle Personal Data, regardless of size, must comply with the LGPD. Such Personal Data may come from customers, employees, service providers, business partners.

The incorporation of this new privacy paradigm into the corporate culture will reflect on the reputation with customers, and generate a competitive edge in the marketplace. Therefore, planning is essential.

About the centre

Our Center helps Clients comply with all aspects of the General Data Protection Law. We develop compliance projects adherent to each client’s reality, enabling the implementation of the Privacy and Data Protection Program in an accessible way, always identifying their needs as a result.

Our advice covers all stages of the Privacy Program implementation project: from the review of all Customer Personal Data processing operations, preparation of the compliance roadmap and the documentation that needs to be implemented to enable processing, to the provision of the service of Data Protection Officer (DPO) service, as well as support with Holder Care, ANPD authority and incident response.

We support our Clients in court and administrative demands involving the issue of data privacy, including crisis management in the case of incidents, a situation that requires a fast and multidisciplinary action to avoid losses. We also offer advice on risk analysis and legal feasibility of new products and business models, providing specialized consulting.

Activities

• Maturity assessment and implementation of the Privacy and Data Protection Program;
• Consulting in matters related to data protection and information security in the advisory and litigation spheres;
• Specialized auditing to identify information security, data protection, intellectual property, and regulatory risks;
• Drafting of internal information security policies, including, information security and device monitoring terms, password policies, email usage and clean desk, recovery plans, information security incident plans, and confidentiality policies;
• Legal risk assessment in the development and deployment of technologies, products, and services with a focus on privacy and personal data protection;
• Support in choosing and contracting insurance for the protection of the company’s intangible assets from information security incidents;
• Management of all aspects in case of an Information Security Incident, with preventive and reactive incident advisory, identification of the incident root cause, and mapping of technical and operational solutions;
• Advice for internal exercise of the DPO function, with support to the Client in the selection, training and mentoring of the Personal Data Protection Officer;
• Monitoring of legal and administrative proceedings involving issues related to data privacy;
• DPO AS A SERVICE – outsourcing of the complete DPO (Data Protection Officer) or Personal Data Protection Officer function, acting in the following fronts:
• Compliance monitoring;
• Record keeping of personal data processing activities by the business areas;
• Update of the Personal Data Protection Impact Report;
• Monitoring of responses to requests from holders;
• Managing evolution of the maturity of the Privacy Program;
• Technical-legal support in the development of new initiatives (Privacy by Design);
• Privacy Committee Management;
• Recycling to employees through training and engagement campaigns;
• Incident monitoring; and
• Relationship with ANPD.