Latin America

Data Privacy Group is a “one stop shop” for your regional and global data protection needs. Irrespective of your international jurisdiction, our global team serves you globally with local, regional and international data protection services. Our solution is complete, end-to-end, builds bridges between IT, legal and business, and adheres to best practices. We empower your organization to avert costly data breaches and reduce risks of non-compliance that could result in fines from the regulator and loss of trust of your customers.

Solution packages

We have designed a scalable Data Protection service “packages” within the Latin American market that will suit start-ups, corporations, groups as well as international conglomerates, irrespective of the sphere of industry. Alternatively, we can provide you with a tailor-made roadmap, outsourcing, or privacy by design solutions.

The following packages are designed for companies that want to conform to the Brazilian General Data Protection Law (LGPD), Federal Law no. 13,709/2018, as the latest privacy standard in the region. These packages guarantee compliance with data privacy at the shortest possible time.


Startup package is our unique solution, applicable for a small and middle sized startups, which have to be GDPR compliant. All the basic steps to reach compliance shall be taken, including:

  • Developing the record of processing activities (RoPA) and determining legal grounds for processes. 

  • Compiling a Privacy Notice and Internal Data Protection Policy. 

  • Determining the roles in processing operations (controllers / joint controllers / processors / third parties).

  • Creating a cookie-banner and drafting a cookie-policy for the company’s website.


​Basic level of compliance that includes:

  • Developing the Register of Processing Activities (RoPA) and determining legal grounds for processes. 

  • Determining the roles in processing operations (controllers or operators). 

  • Compiling a Privacy Notice and Internal Data Protection Policy. 

  • Staff awareness training. 

  • Consultation where required.


​Medium level of compliance, including Basic package plus reviews and recommendations for improving processes involving personal data, and processing agreements. In question, Gold package includes:

  • Description of the processes in which personal data are involved with a list of recommendations and risk pre-assessments.

  • Drafting data processing agreements with counterparts.

  • Conducting Data Protection Impact Assessment (DPIA) and Privacy by Design sessions.

  • Compiling a Impact Report on Protection of Personal Data.

  • Staff training on rules of personal data processing and information security requirements.


High-level compliance, which includes Gold package services, plus product audit with detailed recommendations, customization of processes for handling data subject requests and data breaches, meeting a transparency requirements. It also entails DPO outsourcing. The peculiarities of this option are:

  • A comprehensive audit of the product and description of its data processing activities.

  • Ensuring compliance with the transparency requirement by providing multiple forms of privacy notices and policies.

  • Implementing Cookie banner settings according to electronic marketing communications requirements.

  • Conducting a vendor audit.

  • Assistance in implementing the processes of reporting data breaches and responding to data subjects’ requests.

  • DPO (Chief of Data Processing) Outsourcing.

Select Your Solution

Please, provide us with your details and request to assist you with a free express audit.