The function called responsible for the processing of personal data, internationally called DPO - Data Protection Officer (DPO), plays an important role in implementation of the LGPD , since it has the function of acting as a communication channel between the institution, the data subjects and the National Data Protection Authority (ANPD).
The DPO is included in Article 41 of the LGPD and must be appointed by the company that makes the implementation of the LGPD , including your identity and contact information publicly disclosed on the company's website, for example, to facilitate access by data subjects.
Na implementation of the LGPD , the law establishes that the function is not mandatory in some cases, but whose decision is the responsibility of the ANDP. This information is contained in the third paragraph, paragraph IV of Article 41: § 3 The national authority may establish complementary rules regarding the definition and attributions of the person in charge, including cases of exemption from the need for his appointment, depending on the nature and size of the entity or the volume of data processing operations.
During and after implementation of the LGPD , the DPO will also be the mediator between the company and the government, so it will need to be aware of the regulations issued by the national authority and ensure their compliance. It will also have the function of advising the company's employees regarding the practices to be taken with the protection of personal data.
Many companies have not yet started implementation of the LGPD , and during this period there were changes involving the role of the DPO, Until recently there was no Brazilian Classification of Occupations - CBO for him, but now the Data Protection Officer (DPO) has his own CBO and can be called by this nomenclature in addition to being in charge of the processing of personal data.
When the topic is implementation of LGPD and data protection, all employees, including the company's top management, must comply with the guidelines imposed by the DPO. Therefore, the responsibility conferred on this professional is essential and they must have relevant experience in information security governance processes. As well as knowledge of the law and other regulations related to data protection, must be a premise for the function, including knowledge of the business of the company in which it operates.
The LGPD is already in force and impacting the Brazilian market as a whole. If your company has not yet done the compliance with the LGPD contact TATICCA — ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consultancy in LGPD and also implementation, in an objective and assertive manner, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of service or sale of products, adaptation of contracts in accordance with LGPD , data mapping, implementation of the service channel, drafting of a privacy policy, pre-formatted documentation with all the requirements of LGPD .