Data Protection Officers are involved in all matters relating to the protection of personal data, being essential for compliance with the LGPD
The appointment of a Data Protection Officer (DPO) is mandatory, according to Article 41 of the Brazilian General Data Protection Law (LGPD), except for small businesses, as we have already mentioned in another article. In short, the DPO ensures the protection of personal data in accordance with the applicable rules and mediates between the interests of the company, which is the data controller, and those of the data subject.
The responsibilities of the Data Protection Officer include:
Compliance – The DPO must ensure that the company processes personal data in compliance with the General Data Protection Law. The DPO also interprets the law for the processing agents (the controller and the operator) and all those involved in data processing, advising on the best actions to be taken.
Orientation and training – The DPO is responsible for promoting education and awareness-raising on the correct protection of personal data, offering employee training, suggesting procedures and creating a true data protection culture in the company.
Autonomy – Data Protection Officers must act autonomously in the performance of their duties, without influence from the controller or operator of the personal data. They must not be dismissed or penalized for fulfilling their role, for example, when pointing out the risk of non-compliance with the law in a particular company action. Ethical and practical considerations must come first.
Accountability – The DPO should be available to answer any questions that data subjects may have about the protection of their personal data. To perform these duties and fulfill these obligations, the DPO must be provided with all appropriate resources, including access to personal data and processing activities.
Representation before the National Data Protection Authority (ANPD) – The DPO is the one who will receive the communications from the national authority and take the appropriate actions.
In short, Data Protection Officers are involved in all matters relating to the protection of personal data. Their role within an organization is essential for compliance with the LGPD.
It is worth noting that the ANPD “may establish complementary rules on the definition and the attributions of the person in charge, including the hypothesis of exemption from the need to indicate him/her, according to the nature and size of the entity or the volume of data processing operations”, as stated in paragraph 3.
Pryor Global helps your company comply with the LGPD by offering DPO as a service. Only a qualified professional will be able to provide the necessary security for your business to legally operate. Contact us and get all your questions answered!