How we advise our clients? – Regulatory, Transactional and Litigation services in Privacy & Data Protection

Transactional

Third-Party Management and Data Sharing Risks

• Third-party assessment
• Review of contracts and clauses

M&A Operations

• Due diligence
• Review of M&A contracts

Competition Law

• Analysis of concentration acts and antitrust law

Litigation

Litigation

• Strategic cases
• Class actions
• Litigation for tech companies
• Individual claims (data subjects)
• Labor claims

Elections

• Online advertising
• Bulk messaging
• Law enforcement requests
• Court and administrative claims

Administrative Litigation

• ANPD (Brazilian DPA)
• Consumer claims
• Regulatory agencies (e.g., banking and health sectors)
• Public prosecutor / District attorney

Regulatory

LGPD and Sector Specific Compliance

• Full compliance – LGPD and sector-specific legislation
• Perfecting and adapting existing privacy programs
• Compliance for small businesses and startups
• Compliance for specific industries and sectors

Data Protection Advice

•  Risk assessment
• Privacy notices
• Corporate policies
• Labor practices
• Marketing practices

DPO as a Service

Training and Awareness

• Training sessions in english for lawyers and non-lawyers

Public Policy & New Regulations

• Advocacy actions
• Monitoring of recommendations and guideliness published by ANPD (Brazilian Data Protection Authority)

Emergency

Data Incident Center

• 24/7 hotline – obtain incident assistance anytime
• incident@camposthomaz.com

Ongoing advice in data incidents

• Risk assessment
• Notification to ANPD / data subjects / third parties
• Forensic investigations
• Administrative and judicial proceedings
• Internal documentation and communication

Improvement and Recommedations

• Data incident response plan
• Tabletop exercises
• Information security measures

LGPD and Sector-Specific Compliance

Full compliance: LGPD and sector specific legislation

• For organizations that need to start from scratch and achieve full compliance

Compliance for small business and startups

• Customized packages for small businesses and startups

Perfecting and adapting privacy programs to local laws

• For companies with not all but some compliance efforts or international privacy programs that need to be adapted to Brazilian laws

Compliance for specific industries and sectors

• Assistance in obtaining compliance with privacy, data protection, and information security legislation in regulated sectors and activities, such as Technology; Digital business; Internet; Consumer protection; Data analytics; Artificial intelligence; Banks
  and payment institutions; Credit and information bureaus, Health; Insurance and pension; Retail; Automotive; Infrastructure; Agrotechnology; Educational; Tourism

Data Protection

Data Protection Impact Assessments (DPIA)

• Draft and review of data protection impact assessments (DPIA), as required by the Brazilian Data Protection Authority (ANPD)

Drafting and review of corporate policies, such as:

• Acceptable use of personal data
• Data retention
• Information security
• Data sharing and third party management
• Acceptable use of social networks

Draft and review of privacy notices

Advice in responding to data subject’s requests

Draft of consent forms

Advice in structuring privacy and data protection governance programs

Assistance on risk assessments for new products, services, or business processes, with the recommendation of risk mitigation measures

Data Protection

Assessment of marketing practices, including the following:

• Requirements for lead collection
• Capturing leads via inbound marketing
• Targeted marketing campaigns, such as emails and newsletters, Whatsapp and SMS messages
• Online campaigns and advertisements

Assessment of labor practices, including the following:

• Recruitment and selection, including background check
• Collection, processing, and sharing of employee’s sensitive health data with health insurance plans, medical statements, admission or dismissal examinations, or employees’ health monitoring practices, among others
• Data processing in individual performance assessments
• Employee monitoring using IT resources
• Bring your own device policies
• Acceptable use of corporate equipment and systems
• Data retention policies

Assessment of compliance practices, including best practices in internal investigations

Advice on the creation of scripts and protocols to comply with data subject’s rights in communication channels

Advice in interactions between intellectual property protection and data protection

Participation in privacy committee meetings

DPO as a service

• Appointment and assistance as Data Protection Officer (DPO)

Public Policyand New Regulations

• Government Relations: Advocacy actions
• Monitoring of new recommendations and guidelines published by the Brazilian Data Protection Authority (ANPD)

Training and Awareness

• Development oftraining and awareness programs for employees and third parties
• Development of content and training for employees and third parties
• Development of awareness actions for employees and third parties

Third-Party Management and Data Sharing Risks

• Development of risk classification policy for data sharing with third parties
• Assessment of data sharing operations and recommendation of technical and legal measures to mitigate risks
• Draft and review of contracts involving data sharing with third parties such as vendors and business partners, including the review of data protection clauses
• Draft and review of data sharing agreements and appropriate safeguards for allowing international transfer, including review of standard contractual clauses, binding corporate rules, and customized contractual clause

M&A and Antitrust

• Due diligence in M&A operations, with risk assessment from a privacy and data protection standpoint
• Draft and review of contracts in M&A transactions, with specific representations and warranties regarding privacy and data protection
• Antitrust advice, including in acts of concentration in transactions involving intangible assets such as databases

24/7 Data Incident Center

• If your organization is facing a data breach, security incident, or ransomware attack, every minute matters, and we are here to help immediately
• We provide ongoing assistance in data incidents, 24 hours per day, 7 days per week
• In the event of an incident, please get in touch with us through the Data Incident
  Center at incident@camposthomaz.com

Improvement Recommendations

• Drafting and review of data incident response plans
• Conduction of tabletop exercises, simulating a data incident so that everyone is prepared for the actual emergency
• Advice on improvements to information security practices

Ongoing Assistance in Data Incidents

• Risk assessment of data incidents and recommendations on requirements to notify data
  protection authorities, data subjects, and third parties
• Representation before the relevant authorities, including the data protection authority
  (ANPD) and consumer protection agencie
• Advice during forensic investigations
• Drafting and review of notifications and communication with data protection authorities, affected data subjects, and third parties
• Representation in administrative investigations and lawsuits initiated by the Public Prosecutor’s Office/District Attorney
• Draft and review of documentation regarding a data incident for accountability purposes
• Representation in claims and lawsuits initiated by data subjects

Litigation

Strategic Litigation

• Representation in individual or class action lawsuits

Small Claims Court

• Representation in lawsuits filed by data subjects

Specialized Tech Litigation

• For technology and internet companies. We assist in responding to requests from law enforcement

Administrative Litigation-Consumer

• Representation of clients in administrative proceedings initiated by consumer protection agencies

Administrative Litigation-Regulated Sectors

• Representation in administrative proceedings initiated by agencies of regulated
  sectors, such as banking, health, insurance, and others.

Labor Litigation

• Representation in lawsuits filed by employees or former employees

Administrative Litigation (ANPD)

• Representation in administrative proceedings initiated by the Brazilian Data Protection Authority (ANPD)

Elections

• We represent our clients during the Election period, including the following: Online advertising, law enforcement requests, bulk messaging, court and administrative claims.

Administrative Litigation – Public Prosecutor’s Office

• Representation in administrative investigations initiated by the Public Prosecutor’s Office/District Attorney

share