Work for companies and organizations covers the full privacy and data protection cycle: from initial assessment to ongoing governance, including contracts, international transfers, incident response and compliance with emerging regulatory frameworks — artificial intelligence included.
Frequent areas of work
- Assessment and compliance roadmaps for the LGPD, GDPR, Law 25 (Quebec) and other legislation
- External Data Protection Officer (DPO) — on retainer or per project
- Review and drafting of contracts with data processing clauses (DPAs, BCRs, standard clauses)
- Artificial intelligence governance — alignment with the EU AI Act, the Colorado AI Act and Brazil’s Bill 2338/2023
- Data protection impact assessments (DPIA) and AI risk assessments
- Legal response to security incidents involving personal data, including notification to the ANPD
- Support in audits, inspections and administrative proceedings before authorities
- Training and internal capacity-building for legal, technology and business teams
Sectors with consolidated experience
- Healthcare and life sciences
- Financial services and insurance
- Technology, SaaS and digital platforms
- Education and childhood
- Human resources and labor relations
- Aviation and critical infrastructure