Data Protection and Technology Law
Advisory and consultancy focused on:
- Consultancy specializing in national and international Privacy and Data Protection regulations, such as GDPR, LGPD, CCPA, COPPA, HIPAA etc.
- Risk and litigation analysis and prevention
- Perform compliance procedures with national and international Data Protection regulations
- Holistic fit of the company according to business model and actual needs
- Strategic negotiation of national and international contracts
- National and International Litigation and Arbitration
Privacy and Compliance in Brazil
We are in a time of paradigm and culture change regarding privacy and data protection in Brazil, as the first specific regulation, the General Data Protection Law (nº 13.709 / 18 – LGPD) comes into force. ), which will take place in August 2020. This is a statutory instrument that is driven and in line with the rigor of the European Union Regulation (GDPR) by imposing technical and administrative measures on data processing companies.
The new rights of holders, such as exclusion and portability, impose the adequacy and creation of corporate governance plans in public and private institutions.
Transactions made with personal data must comply with the authorizing hypotheses and legal principles, in addition to being subject to the possibility of supervision by the National Data Protection Authority.
Although not yet in place, LGPD has already influenced judicial sanctions and prompted official requests to comply with its guidelines.
Indeed, the advantages of immediate compliance include (i) increased legal certainty; (ii) business opportunity, given the growing number of clause requests and compliance measures by third parties and partners; (iii) credibility with consumers; (iv) savings on investments in contract drafting and development of new LGPD-compliant products.
Scope of Application – Extraterritoriality of Regulations:
The Brazilian General Data Protection Act (), effective August 2020, applies to individuals or legal entities, public or private, who:
(i) collect personal data from individuals located in Brazil;
(ii) perform data processing in Brazil; or
(iii) offer goods and / or services to individuals located in Brazil
In addition to LGPD, Brazilian companies will eventually have to comply with the General Data Protection Regulation of the European Union (GDPR – No. 2016/679), in force since 25/05/2018, due to its extraterritorial application to establishments that:
(i) have representation in the U.E., regardless of data processing occurring in that territory;
(ii) offer goods / services, or monitor behavior of individuals located in the U.E, or
(iii) are operators of personal data hired by companies subject to the scope of application of GDPR