Protection beyond the web: from complying with the LGPD to cybersecurity crises

We all know that the world grows more digitally dominant each day. Such transformation is less likely to be carried out safely for your company without the legal assistance of a team that is vastly experienced in and consistently up to date with technology law.

Demarest is capable of not only managing cybercrime, data and privacy-related risks in order to comply with the legislation, but also of assisting companies in creating new opportunities within this business area.

Our team of partners and lawyers have extensive knowledge of the area, bolstered by collaboration with different practice areas of the firm to practically and efficiently assist our clients in three major fronts:


  • Data mapping, advice on statutory grounds and legal risks (gap analysis) and Legal Advice Report;
  • Drafting and revising documents related to privacy matters;
  • Communication with and representation before the Brazilian National Data Protection Authority (ANPD);
  • Specialized legal consulting on the development of products and services that involve data protection (privacy by design);
  • Training and education on topics involving the General Data Protection Law (LGPD);
  • Specialized legal consulting on marketing practices that involve personal data and databases (big data);
  • Training and education on topics regarding the LGPD for the entire company or on demand (DPO training, HR department, general training for all employees, training for the Privacy Committee, training for clients and suppliers, among others). 


  • Governance of algorithms and Artificial Intelligence;
  • Blockchain;
  • Smart contracts;
  • Assistance with awareness of best practices and ethical conducts in Artificial Intelligence matters;
  • Algorithmic auditing and mapping of risks and impacts;
  • Advice on privacy, security and ethics by design (EbD);
  • Assistance on matters involving Digital Law demands;
  • Assistance in the application of technology concerning the Internet of Things (IoT).



  • Assistance in risk assessment and diagnosis of relevant damages to the data subjects, in the event of security incidents;
  • Crisis management resulted from security incidents;
  • Drafting security incident reports to be submitted to the responsible authority;
  • Assistance in contracting suppliers of information security for provision of forensic services;
  • Revision of the Information Security Policy and the Incident Response Plan;
  • Staff training;
  • Assistance with contingency planning the press, clients, authorities and data subjects.