Since its foundation, DSF Advogados has been oriented towards corporate law, developing a preventive service provision model, capable of guiding companies to achieve their economic goals without risking compliance with the laws.
DSF Advogados offers its clients the Compliance Program , as a set of corporate integrity actions, mechanisms and documents, required by modern corporate governance, which recognizes business ethics as the main pillar of business sustainability.
It could not be different, with the arrival of the General Data Protection Law, DS also develops mechanisms for its adequacy.
Along these lines, the following works are carried out:
Defense of the company's interests in legal and administrative actions involving privacy and data protection.
Monitoring the security incident management process, risk assessment and the need to report the incident to the Authority and data subjects, in order to preserve the reputation and image and minimize damage to the organization.
Guidance to the Committee and the DPO regarding: application of the LGPD; updates in legislation, jurisprudence and administrative fines; security incidents; responses to data subjects; review and analysis of contracts involving data processing; follow-up of indicators; maintenance of data flows and mappings and assistance in case of legal or administrative actions; among other guidelines involving privacy or information security.
Estruturação e aplicação de auditoria nos Programas de governança, identificando vulnerabilidades e gaps e indicando planos de ação para correção.
The program is implemented in the form of a project, which is structured and coordinated by DSF Advogados, always with the participation of an internal committee of the client. Among the main actions of the project, we have:
1) Structuring and training of the Information Privacy and Security Committee;
2) Mapping the flow of personal data;
3) Elaboration of diagnosis with GAPS and Risk Map;
4) Preparation of impact report, ROPA, DPIA and LIA.
5) Indication of Action Plans to correct identified vulnerabilities.
6) Creation of internal Governance, Security and Privacy Policies;
7) Elaboration of Privacy Policies for websites, applications and platforms.
8) Review of contracts involving sharing of personal data, in order to include clauses with responsibilities and rules for data processing (Controller and Operator).
9) Creation of indicators for the governance Program.
10) Training of all company employees, presenting the Compliance rules.
We work with different training formats, for different audiences and focuses, whether to form Committees, the DPO or even to spread the data protection culture to the company's employees and prepare them to comply with the internal rules of Compliance.