The function called person in charge of processing personal data, internationally called DPO - Data Protection Officer (DPO), plays an important role in the GDPR implementation, as it has the function of acting as a communication channel between the institution, the data subjects and the National Data Protection Authority (ANPD).
The DPO is included in Article 41 of the LGPD and must be appointed by the company doing the GDPR implementation, including with your identity and contact information publicly disclosed, on the company's website, for example, to facilitate access by data subjects.
Na GDPR implementation, the law establishes that the function is not mandatory in some cases, but the decision is up to the ANDP. This information is contained in third paragraph, item IV of article 41: § 3 The national authority may establish complementary rules on the definition and attributions of the person in charge, including cases of exemption from the need for his indication, according to the nature and size of the entity or the volume of data processing operations.
during and after the GDPR implementation, the DPO will also be the mediator between the company and the government, so it will need to be aware of the regulations issued by the national authority and ensure their compliance. It will also have the function of guiding the company's employees regarding the practices to be taken with the protection of personal data.
Many companies have not yet started GDPR implementation, and in this period there were changes involving the role of the DPO, until recently there was no Brazilian Classification of Occupations – CBO for him, but now the Data Protection Officer (DPO) has its own CBO and can be called by this nomenclature in addition to Person in charge of the Processing of Personal Data.
when the theme is GDPR implementation and data protection, all employees, including the company's top management, must comply with the guidelines imposed by the DPO. Therefore, the responsibility granted to this professional is essential and he/she needs to have relevant experience in information security governance processes. As well as, knowledge of the law and other rules related to data protection, must be a premise for the function, including knowledge of the business of the company in which it operates.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet made the compliance with GDPR
eContact TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology to consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.