Data Protection

Finocchio & Ustra’s Data Protection area has a team of experienced and certified professionals who work in the structure and implementation of personal data governance programs for companies of all sizes and activities.

In recent years, numerous rules that regulate the processing of personal data have emerged around the world. Some are more complex than others, but all with a common objective: to balance the intelligence applied to personal data in the technological and commercial environment with fundamental rights such as privacy, freedom, intimacy, informational self-determination, and honor.

Both the General Data Protection Law in Brazil (LGPD) and the European GDPR require adjustments and improvements to processes and flows of personal data from almost all sectors of the economy, not only to the external customers (clients, service providers, suppliers), and for the internal customers (employees, third parties, etc.), both in the digital and analog environments.


Among the main areas of activity, the following stand out:

  • General Data Protection Law: training and preparing of educational material;
  • Legal advice and consultancy for mapping data and information flows (data mapping), analysis of internal processes and preparation of recommendations and risk analysis regarding the processing of personal data (gap analysis);
  • Preparation and analysis of documents under the protection of personal data;
  • Drafting or analyzing privacy policies, terms of use for the processing of personal data and other corporate policies to regulate personal data processing;
  • Legal advice on the preparation of Impact Reports on the Protection of Personal Data
  • Advice to the DPO – data protection officer and DPO as a service;
  • Creation of internal processes to adequately respond to data subjects, as well as to security incidents involving personal data;
  • Analysis of the compatibility of policies, procedures, and practices for processing personal data from other countries or blocks with Brazilian legislation;
  • Assistance in obtaining certifications;
  • Assistance in carrying out audits related to the governance of personal data protection;
  • Legal advice in defending the interests of companies with the National Data Protection Authority (ANPD) and other competent authorities to inspect and impose sanctions for non-compliance with the LGPD.