backOn December 19, 2024, the Brazilian Data Protection Authority (ANPD) issued a new guideline on the role of the Data Protection Officer (DPO). This document supplements Resolution CD/ANPD No. 18, dated July 16, 2024, detailing the requirements for appointing the DPO and relevant responsibilities. The main objective of the new guideline is to facilitate the interpretation of Resolution CD/ANPD No. 18 and support the proper execution of the DPO’s activities, considered essential for privacy and data protection governance within organizations.
The guideline addresses key topics such as the DPO’s responsibilities, best practices for data controllers, and practical examples of DPO activities. It includes recommendations on how to appoint a DPO, such as the simultaneous designation of a substitute DPO and the prevention of conflict of interest, with a recommendation to create dedicated organizational units for this role. It also emphasizes the requirement for proficiency in Portuguese for effective communication with the ANPD and data subjects, particularly in the case of foreign professionals.
In addition to general guidance, the document provides a template for the formal DPO appointment, facilitating implementation by organizations.
We recommend that all clients review and reassess their DPO appointments, roles, and governance practices, considering the new guidelines published by the ANPD.
The original version of the guidelines is available in Portuguese here and an automatic Google AI translated version into English is available here: ANPD Guidelines on the DPO (for a lawyer-reviewed translation or legal advice, please contact us).
If necessary, click here and contact our partners for advice on the new guidelines or for hiring a DPO as a Service in Brazil, a service offered by Campos Thomaz Advogados.
share
