Areas Of Practice

Advice on privacy and protection of personal data

Personal data protection and privacy have gained prominence in the activities of companies and organizations in the most diverse segments. Best practices associated with the use of artificial intelligence, behavioral advertising, security incidents, Privacy by Design, digital compliance, cybersecurity, among others, have become keywords in a complex regulatory environment.

In Brazil, the General Data Protection Law – LGPD (Law No. 13,709/2018) regulates the procedures to be adopted for the protection of personal data. Sanctioned in August 2018, the Law entered into force on September 18, 2020 and, since August 2021, sanctions and fines can be applied by the Brazilian authorities to processing agents.

Since 2022, data protection has become part of the set of fundamental rights provided for in the Brazilian Constitution, offering greater legal certainty for citizens in the exercise of their rights and predictability for obligations on the part of controllers and processors.

The Brazilian legal framework has a concrete impact on the daily lives of individuals and companies, particularly considering:

• The complexity of matters related to personal data processed (collected, stored, manipulated, shared, transferred internationally);
• The sectorial and organizational aspects of the industry involved in the analysis and its activities in Brazil and abroad;
• Constant need to demonstrate compliance to customers, visitors, employees, service providers, suppliers, government, regulatory, and judicial authorities, insurance companies; and
• The sanctions and fines currently in force provided for by the LGPD and currently being regulated by the National Data Protection Authority, in addition to its inspection activities.

The LGPD establishes clear rules on how organizations must process users’ information, adopting procedures and measures to ensure the security and transparency of information.

L.O. Baptista’s Privacy and Data Protection team has highly qualified professionals who are prepared to advise companies in this procedure, which requires the mapping of the entire flow of personal data within the company and with its partners and the correct direction of internal procedures, for compliance with the LGPD.

The performance of L.O. Baptista also covers data processing through internet applications, social networks by the company; analysis of gaps in communication and storage procedures, preparation of reports and institution of policies, as well as effective control mechanisms so that the deadline for compliance is used efficiently.

Our experience has shown us that the mapping and diagnosis phases are essential pillars to support an adequacy project, but they are not the only ones. Sometimes critical business issues need to be prioritized.

For this reason, L.O. Baptista provides clients with dynamic advice, including through interdependent work scopes, according to the client’s needs, generating perfect synergy when developed jointly.

How we can help:

• Mapping for inventories of personal data circulating in the areas and diagnosis of the processing of personal data carried out;
• Identification of Gaps (Gap Analysis) of activities and operations with personal data and resulting risk, from a legal point of view.
• Advice on regulatory impacts and risks to the business, along with recommendations for mitigating such risks.
• Structuring of Governance in Data Protection and Privacy, and preparation of an Action Plan for Data Controllers.
• Training and awareness projects for Teams, Management Positions, Business Partners.
• Preparation of legal documents, including contracts with suppliers, clients, partners, and employees.
• Development of Policies and guidelines for sectors, departments, and specific demands.
• Update of Maturity Reports, Audits, and Project Recycling
• Advice on the preparation of Data Protection Impact Reports (RIPD) for risky activities to companies
• Advice on security incidents for the preparation of impact reports and petitions to the National Personal Data Authority
• Legal assistance for the application of privacy by design principles in new products and services
• Preparation and legal review of client’s data instruments and policies, privacy safeguards, and plans for privacy defenses in commercial agreements
• Consultancy in the selection of the Data Protection Officer (DPO) and advice on the activities carried out by this position.[1]
• Advice on procedures related to international data transfer and sectorial compliance in multiple jurisdictions (European Union/GDPR, United Kingdom, Asia, and Americas)
• Advice on the preparation of technical documents, material contributions and subsidies in public consultations, and collection of subsidies before Brazilian and foreign regulatory authorities
• Advice to clients on plans for notifying personal data security incidents and disputes relating to information security
• Representation of our clients in administrative proceedings before regulatory authorities, the National Data Protection Authority, in addition to legal proceedings, with strategic theses with general repercussions.