Our Data Protection area at Finocchio & Ustra Advogados has a team of experienced and certified professionals, who work on structuring and implementing the pillars of privacy governance programs for companies of all sizes and business segments. 

In recent years, numerous rules regulating the processing of personal data have emerged around the world. Some are more complex, others more superficial, but they all have a common purpose: to balance the intelligence applied to personal data in the technological and commercial environment with the fundamental rights of any natural person, such as right to privacy, freedom, intimacy, informational self-determination and honor.

Both the General Data Protection Law in Brazil (LGPD) and European legislation (GDPR) require the registration of operations and improvement of processes involving the processing of personal data in a digital and analog environment by organizations from all business segments of the economy, whether in the public or private sphere. It is worth highlighting that data protection applies not only to data subjects composing an external public (customers, service providers, suppliers), but also to the internal public (employees, third parties, etc.). 

In this context, FIUS has certified professionals who are constantly posted on the subject to support their clients by improving their corporate routines and preparing their policies, documents and training necessary to comply with the laws and regulations related to the processing of such data. Likewise, it helps its clients to mitigate the risks arising from security incidents involving personal data by supporting their crisis management, risk assessment and offering support in any need to communicate with competent authorities and data subjects.

 

Among the main areas of activity, the following stand out:

  • Data protection training for the general public and specific areas of the company (HR, IT, COMMS/MKT);
  • Preparation of internal communication material;
  • Legal advice and consultancy to map data and information flows, review of internal processes and make recommendations and risk analysis regarding the processing of personal data (gap analysis);
  • Preparation and review of documents from the perspective of personal data protection;
  • Preparation or review of privacy policy, terms of use for the processing of personal data and other corporate policies to regulate the processing of personal data;
  • Legal advice on the preparation of a Personal Data Protection Impact Report;
  • Advice to the DPO (Data Protection Officer) and DPO as a service;
  • Creation of communication channels and internal processes to respond appropriately to data subjects;
  • Preparation of a Response Plan for security incidents involving personal data and support for measures in the event of an adverse event, which includes communication to data subjects and the National Protection Data Authority – ANPD;
  • Analysis of the compatibility of policies, procedures and practices for processing personal data from other countries or blocks with Brazilian legislation;
  • Support in filling out LGPD compliance forms sent by business partners and other third parties;
  • Support in processes for obtaining certifications related to the topic;
  • Support in carrying out audits regarding governance in the protection of personal data;
  • Legal advice in advocating for our client’s interests before the ANPD and other competent authorities to monitor and impose sanctions for non-compliance with the LGPD.

Partners and Area Coordinators

HEAD | MARCO AURELIO BAGNARA OROSZ