Case Study: Cemig achieves LGPD compliance and automates privacy operations with OneTrust

Cemig Operationalizes LGPD and Privacy Program with OneTrust

CEMIG, one of Brazil’s largest energy companies serving more than 8.6 million customers across 24 states, needed to operationalize compliance with the Lei Geral de Proteção de Dados (LGPD) and build a companywide privacy program. After mapping complex processes, systems and databases, CEMIG selected the OneTrust platform to provide the automation and governance capabilities required for LGPD readiness.

CEMIG implemented OneTrust modules including DSAR, Cookie Compliance (geo‑specific banners on three portals), and is rolling out Assessment Automation, Vendor Risk Management, Incident Response, Robotic Automation for DSAR and Awareness Training. OneTrust automated DSAR handling to meet legal deadlines and reduce costs, gave consumers centralized control over cookie and marketing consent, enabled privacy‑by‑design across products, and improved reporting, access control and the speed and safety of fulfilment by discovering systems and linking data for faster access/deletion requests.

CEMIG

Douglas Heleno Penaforte

Privacy and Data Protection Manager