Data Protection

FIUS's Data Protection practice brings together an experienced, certified team that designs and implements the pillars of privacy-governance programs for companies of every size and sector.

In recent years, a wave of regulations governing the processing of personal data has emerged around the world — some more complex, others lighter-touch, but all sharing a common goal: balancing the intelligence applied to personal data in technological and commercial environments with the fundamental rights of the individual, including privacy, freedom, intimacy, informational self-determination and honor.

Both Brazil's General Data Protection Law (LGPD) and the European GDPR require recording of operations and improvement of processes involving the processing of personal data — in digital and analog environments — across organizations of every economic sector, public and private. Data protection applies not only to external data subjects (clients, service providers, suppliers) but also to internal ones (employees, third parties and others).

FIUS brings certified, continually updated professionals to help clients refine corporate routines and produce the policies, documents and training programs required by data-protection legislation. We also help clients mitigate the risks of security incidents involving personal data — supporting crisis management, risk assessment and, where required, communication to the competent authorities and data subjects.

Among our main areas of practice:

• Data-protection training for the general workforce and for specific areas (HR, IT, Comms/Marketing);
• Drafting of internal communication materials;
• Legal counsel on data mapping and information flows, review of internal processes, and recommendations and risk analysis on personal-data processing (gap analysis);
• Drafting and review of documents from a data-protection standpoint;
• Drafting or review of privacy policies, terms of use for personal-data processing and other corporate policies governing personal-data processing;
• Legal counsel on the preparation of Data Protection Impact Reports;
• Counsel to the DPO (Data Protection Officer) and DPO-as-a-service;
• Creation of communication channels and internal processes to respond appropriately to data subjects;
• Drafting of Incident Response Plans for security incidents involving personal data, and support on measures should the event materialize — including notifications to data subjects and to the ANPD;
• Analysis of the compatibility of foreign-jurisdiction data-protection policies, procedures and practices with Brazilian law;
• Support in completing LGPD compliance forms sent by business partners and other third parties;
• Support in obtaining data-protection certifications;
• Support in audits relating to personal-data-protection governance;
• Legal defense before the ANPD and other competent authorities in cases of alleged LGPD breaches.