top of page
  • Writer's pictureBrasil Fernandes Advogados

Corporate Compliance in Brazilian Law

The term Compliance has popularized throughout the world as synonym of good business practices: it means to act according to a rule, an internal instruction, a command or a request[1]. In the corporate sphere, it is understood as the set of structures, rules and procedures implemented in companies with a view to ensuring the conformity of their operation with the legislation, internal rules and ethical standards desirable for the business world.

The implementation of Digital Compliance has as its essential function the analysis of risks and the adoption of preventive measures for the adequacy of the company the rules applicable to information technologies.

The great emphasis on the need and importance of the discussion about the practices that involve Digital Compliance was the result of the wave of cyber attacks that occurred on a global scale in recent years, which affected not only private sector companies but also government agencies and alerted the insufficient care for data and information protection.

Given this scenario, it has to be that Digital Compliance should not be just a symbolic structure. It needs to be effective - to produce all the benefits associated with it. Among these are the monitoring and control of corporate data communication tools that can be allocated to servers or any cloud computing platform and the prevention of data that can be easily lost in the face of a specific system bug[2] and that this could cause huge losses for the company.

The implementation of the Digital Compliance program is preceded by a very specific assessment of the company's characteristics and a diagnosis of the risks involved in its operation, such as: (i) prior auditing to identify the technologies present in the company's daily life and analysis of the contracted licenses; (ii) processing the company's advertising data, or accessing employees to customer data - all of which must comply with Law n. 13.709 / 2018 (General Law on Data Protection)[3]; (ii) maintenance of the company's web page in accordance with Law n. 12.965 / 2014 (Civilian Internet Framework)[4]; (iii) in the case of e-commerce, strict compliance with Decree-Law no. 7,962 / 2013[5] (Regulation of e-commerce); (iv) in the relationship with employees, with the creation of internal regulations for information security (e-mail surveillance in case of corruption, protection of customer portfolios, among others).

Companies that have Digital Compliance structures are perceived more positively by the national and international markets, with gains in corporate image and commercial opportunities. The current market situation requires companies to be not only reactive but also preventive to the risks of their operations.

All this reputational gain generated by the adoption of Compliance policies and practices transcend commercial relations, extending also to regulators, control bodies and society as a whole.

[1] Disponível em:; Ultimo acesso em 22 de maio de 2019.

[2] Disponível em:; Último acesso em 22 de maio de 2019.

[3] Lei Geral de Proteção de Dados (Lei n. 13.709/2018); Disponível em:

[4] Marco Civil da Internet no Brasil (Lei n. 12.965/2014); Disponível em:

[5] Contratação do Comércio Eletrônico (Decreto Lei n. 7.962/2013); Disponível em:


bottom of page