On January 28, International Data Protection Day is celebrated. The date originated from Convention 108 of the Council of Europe, in 1981. For 2026, the main challenges in this area are related to the use of artificial intelligence, as explained by lawyer specializing in Digital Law and partner at DSF Advogados, Bárbara Ravanello.

What is the current scenario in the area of data protection?

The protection of personal data is essential to prevent the exposure of private information to the general public, avoiding its use in scams. Digital crimes are diverse. As an example, we can mention the leakage of passwords from corporate systems, with the aim of invading them, paralyzing their use, and demanding a ransom.

It is also common for data to be used to deceive the data subject, claiming to be a store or a carrier and charging an amount to release goods. Another situation involves opening bank accounts to take out loans and make purchases, leaving debts for the real person or for the companies that sold to the impostor.

What are the main challenges related to cybersecurity in 2026?

Cybersecurity consists of actions aimed at protecting digital assets (systems, networks, cloud) against cyber threats such as hackers and malware. The new challenges will be the improvement of attack techniques and capacity due to the use of artificial intelligence, as well as the lack of structured system governance to support protection.

However, old challenges continue to exist, such as the lack of digital maturity among users in caring for their personal data and using systems properly, as well as the lack of investment in systems and training to prevent threats.

International Data Protection Day is the title
It is common for the press to report scams at a personal level, mainly involving retirees and other vulnerable people. How are these attacks present nowadays in companies? Are they also vulnerable?

Within companies, attacks occur by seeking flaws in systems to obtain information or prevent them from being used.

As a result, a ransom may be demanded to return the data and/or allow the company to regain access to its systems and resume operations. Companies are vulnerable, especially after the digitalization of their operations. Nowadays, they can no longer carry out their work or issue invoices without access.

They rely heavily on their social networks and e-commerce, so these systems are also frequent targets of attacks.

Are companies that have already formed teams and strategies for data privacy and digital security safe, or do they need to constantly remain in training?

Even if a company has made heavy investments, criminals are constantly innovating. Systems become obsolete over time, and attack methods are updated. Therefore, maintaining updated technological solutions and renewing policies and training is essential.

Artificial intelligence has arrived for everyone – including criminals. Do companies know how to take advantage of this resource safely? Companies are paying attention to the various opportunities that AI has brought to their operations.

However, they are still not prepared for the sophistication it has brought to cyberattacks and crimes in general. In addition, there is the risk of errors related to AI, such as lack of respect for copyright, exposure of business secrets, and an increase in cyber risks – which is one of the main focuses of data protection for 2026.