Areas of expertise

We have specialists in several areas with national and international experience.

Digital Law and Data Protection

General Personal Data Protection Law

The General Law for the Protection of Personal Data (Law 13.709 of August 14, 2018), also known as LGPD, will come into force in August 2020. It submits personal data to the protection of the law, imposing on companies the need to adapt to a series of new principles and procedures for legally handling personal data and guaranteeing the rights of data subjects. Training for the qualification of supervisors and employees.

Creation/review or audit of a comprehensive data protection compliance program. Mapping of Personal Data handled by the company. Guidelines for adaptation to the LGPD In an adaptation project to the LGPD, pay attention to the following points:

 

  • Control of internal access to your company’s personal data. You should check who, internally, has access to your company’s personal data and their respective prerogatives (deletion, modification, insertion, etc.). Then, confront reality with the best security practices, making adjustments, if necessary.
  • Third party management: Subcontractors and business partners who have access to your company’s personal data. The list must be analyzed and the use of personal data verified, eventually giving precise instructions on the subject, depending on the case.
  • Your company’s information security must be strengthened. It is about checking the infrastructure that currently exists and making certain adjustments to minimize the risk of incidents that could cause damage to the holders of personal data and lead to compensation.
  • The management of personal data transferred by other companies to yours. The activity of some companies consists wholly or partially of processing personal data transferred by other companies. It is necessary to take certain precautions and discipline the relationship so that your company is not held responsible in case of incidents.
  • Compliance with the rights of the holders of personal data. The creation of processes to manage the demands for exercising the rights of holders. As of the entry into force of the LGPD, holders of personal data are entitled to know whether their company processes personal data about them, to access them, modify them, etc.

The General Law for the Protection of Personal Data and the Health Sector

The General Data Protection Law – LGPD strongly impacts the healthcare sector. This is because, in addition to the impact common to all companies (data on employees, visitors, third-party shareholders, etc.), the essence of the activity of companies in the health sector implies the treatment of a high volume of data related to patients, consumers of medicines, clinical tests and diagnostics, etc. Such data are considered “sensitive” by the LGPD, which imposes a special legal regime for its treatment. Training for the qualification of supervisors and employees. Advising on the harmonization of regulatory obligations in the health area with the LGPD. Mapping of Personal Data and qualification of Sensitive Personal Data processed by the company.

Challenges brought by the LGPD to the health sector

During a project to adapt a company in the health sector to the LGPD, the following points should be observed:

  • Disposal of documents containing sensitive personal data. A disposal/retention policy must be implemented, observing the mandatory storage periods possibly imposed by specific laws.
  • Sharing health-related data with third parties. LGPD prohibits the sharing of sensitive personal data between controllers for the purpose of economic advantage. You must analyze the flows of personal data originating from your company and eventually adjust them to avoid heavy sanctions.
  • Control of internal access to your company’s personal data. You should check who, internally, has access to your company’s personal data and their respective prerogatives (deletion, modification, insertion, etc.) and confront reality with the best security practices, making adjustments, if necessary.
  • The formation of the commercial and credit and collection team is imperative. Since every customer of the company is potentially a patient, lack of staff awareness can lead to incidents with sensitive personal data that could be avoided through an adequate training process.
  • Your company’s privacy policies must be prepared or revised in order to reconcile the interests and rights of the holders of personal data with the duty to protect sensitive personal data imposed on your company.

How we can help your business:

See all I would like to speak to an expert

See too:

Concentration and antitrust acts (CADE)

Concentration and antitrust acts (CADE)

Compliance and Anti-Corruption

Compliance and Anti-Corruption

Digital Law and Data Protection

Digital Law and Data Protection

Real estate

Real estate

Regulatory

Regulatory

Corporate – mergers and acquisitions (M&A)

Corporate – mergers and acquisitions (M&A)

Credit recovery

Credit recovery

Relations with public administration (PPPs, bids and others)

Relations with public administration (PPPs, bids and others)

Conflict resolution: arbitration and mediation litigation

Conflict resolution: arbitration and mediation litigation

Labor

Labor

Tax

Tax

Environmental

Environmental

Family Law/Successions

Family Law/Successions

Immigration

Immigration

Legal Family Office

Legal Family Office

Judicial and Extrajudicial Auctions

Judicial and Extrajudicial Auctions

Mining

Mining

Business criminal

Business criminal

Social security

Social security

Intellectual/industrial property (INPI)

Intellectual/industrial property (INPI)