FIRST PRIVACY helps global companies to implement privacy compliance programs in accordance with data protection laws. Respecting these laws is not only essential to avoid sanctions but also gives companies a competitive edge in the market.

The Brazilian Data Protection Law (LGPD) came into force in 2020 and brings several challenges to companies, particularly due to the obligations imposed. FIRST PRIVACY assists Brazilian entities of multinationals to comply with the applicable rules. This helps our clients to increase customer trust and builds longer and closer business relationships.

FIRST PRIVACY conducts comprehensive data mapping in order to identify the data flow within a group of companies. Considering that, we help our clients to remediate existing gaps. This includes the implementation of privacy policies, technical and organizational measures, contractual arrangements, procedures for data breaches and data subject requests, and also trainings to make sure that employees and contractors are aware of privacy matters.

With our multinational team of lawyers and experts as well as our 20 years of experience as part of a big group, we are able to carve out cultural deviations in the law without loosing an eye on the broader business interest of our clients. 


Years experience






Companies' DPO


Our services

FIRST PRIVACY supports companies with a wide range of expertise in the fields of privacy, data protection, compliance and information security.

Data Mapping and Gap Analysis

In order to assess compliance with the relevant laws, we conduct interviews with project owners and department coordinators to document and evaluate the existing data processing activities.

These profound interviews allows us to efficiently tailor our assessment to our clients´ needs depending on the industry in which they operate.

Our team is able to communicate in Portuguese which facilitates the communication with local stakeholders.

As a result of this exercise, we prepare a gap analysis so the current status of compliance is determined. Depending on the gaps, remediation actions are recommended including the relevant documents in accordance with the LGPD (privacy notices, data processing agreements, data breach response plans and concept for dealing with data subject requests).

How we will help your company

FIRST PRIVACY provides a unique mix of services covering all the data protection legal obligations that your company needs to fulfil, such as:

  • Creation and maintenance of record of the company’s processing activities (ROPA) using our Privacy Management Tool (DSN port);
  • Documentation of technical and organizational measures (TOMs);
  • Assessment of high risk operations through data protection impact assessments (DPIA);
  • Review of data protection related contracts and support in challenging negotiations with customers, business partners and providers;
  • Preparation of privacy policies informing employees, customers, consumers and website users about the way your company processes personal data;
  • LGPD Trainings for Marketing, HR, Customer Support and IT teams.

Furthermore, we evaluate data breaches with high priority in order to comply with short notice obligations, and support you in case of notification requirements to the Brazilian Data Protection Authority (ANPD) and the concerned data subjects. Moreover, we guide you through marketing challenges relating to consent, newsletters and cookies and support you in answering requests of individuals for data deletion or objections. We also provide expert opinions and white papers and resolve deadlocks with work councils and trade unions, so your business moves forward.

External Data Protection Officer

Companies are obliged to appoint a data protection officer (DPO) under the LGPD. The primary role of the DPO is to ensure that your organization processes the personal data entrusted to it in compliance with the applicable data protection law, in addition to acting as the point of contact for communications with the Brazilian Data Protection Authority (ANPD) and data subjects.

FIRST PRIVACY provides the service of an external DPO, allowing companies to overcome the challenges and commitment of appointing a DPO internally. We will guide you on developing and maintaining a robust data protection compliance programm.

We are currently appointed for more than 200 companies globally which gives us a condensed knowledge pool and business continuity.

Global support

FIRST PRIVACY and its multinational team of lawyers can support you with requests under the applicable laws, such as the GDPR, LGPD, PIPEDA, CCPA, PDPL, 152-FZ, CETS No. 108 as well as national implementation laws, case law and authority opinions.

Our global experience allows us to help you to ensure high standards of data protection compliance, taking into account the international best practices and local requirements.

Contact Person

Fábio Cavalcante

Fábio Cavalcante, LL.M.

Senior Privacy Counsel


Phone: +49 421 69 66 32-886

Fábio regularly advises global companies to implement LGPD privacy compliance programs. For that, he conducts comprehensive data mapping, gap analysis and provides remediation plans to address gaps. He also has experience with designing procedures for data subject requests and handling data breaches. Furthermore, he regularly gives trainings to raise awareness of data protection within groups of companies.

Fábio studied law at the University of São Paulo (USP), did his Master of Laws at the Humboldt University of Berlin and is currently a PhD Candidate at the University of Bremen. Moreover, he was a Visiting Researcher at the University of Oxford (Commercial Law Centre, Harris Manchester College) and at the International Institute for the Unification of Private Law (UNIDROIT) in Rome.

Languages: Portuguese, English, German and Spanish.