Sign In

Data Protection and Cybersecurity

Brazil Law Firm of the Year, Chambers & Partners 2020

  • The Brazilian General Data Protection Law (LGPD) regulates how organizations can use personal data in Brazil by establishing detailed rules for its collection, use, treatment, and storage.

    The LGPD has led to a profound transformation in the Brazilian data protection system. Being reasonably in line with the European legislation (General Data Protection Regulation - GDPR), the LGPD affects all sectors of the economy both inside and outside the digital environment, including relationships between customers and suppliers of goods and services, employees and employers, as well as other relationships in which personal data is collected and processed.

    Check here to see an explanatory infographic on the main key points of the new LGPD..


    The Data Protection and Cybersecurity practice offers the following services:

    Extraterritoriality and the laws applicable to data protection
    • Legal assistance in the interaction between foreign and domestic privacy and data protection laws, including the Brazilian Consumer Defense Code.

    Industry-specific data protection regulations
    • Counsel on privacy and data security laws applicable to a wide range of economic sectors.


    Compliance with data protection and digital governance
    • Preparation of privacy policies and terms of use for handling data;

    • Preparation of compliance programs for the treatment of personal data and security of information;

    • Development of corporate policies and special procedures, including monitoring policies, use of IT resources, use of social media, and information retention.

    Training and review of data protection practices
    • Training and assistance with the preparation of educational materials for employees and service providers, focusing on privacy, data protection, and security of information.

  • Data leakage and cybersecurity
    • Assistance with the prevention and management of security incidents;

    • Assistance with investigations of internal and external security incidents;


    Interface with Regulatory and supervisory authorities
    • Support in interactions between clients and public agencies tasked with monitoring compliance with regulations related to personal data protection, including public prosecutors, consumer protection authorities and agencies, and other regulatory agencies.


    Big data and IoT (Internet of Things)
    • Consultation on the use of databases (market analytics and big data) and the treatment of information within online activities and related technologies, including IoT, smart and wearable devices.


    Privacy by design
    • Assistance with the creation of products and services with a focus on data protection regulations.


    International data transfers
    • Analysis of the legality of international data transfer and the applicable instruments;

    • Preparation of agreements, binding corporate regulations, codes of ethics, standard clauses that suggest data transfer and/or processing, including agreements with commercial partners and suppliers.


    Cloud computing
    • Legal opinions on the legality of cloud-based solutions for a wide range of regulated industries;

    • Assistance with service agreements relating to the cloud.


    Strategic litigation in the technology sector
    • Assistance for individual or class actions dealing with undue use of data, civil or contractual liability, or security events;

    • Legal assistance in the analysis of judicial and administrative filings for sharing of personal data.

  • See more