The role of the European Union's Data Protection Officer (Encarregado)

October 12, 2020

The position of ‘Data Protection Officer’ – established initially under the terms of the EU’s General Data Protection Regulation (GDPR) – has been imported into Brazil’s equivalent General Data Protection Law (LGDP) with the slightly peculiar title of  “Encarregado.”

The European Union’s GDPR data protection legislation came into force on March 25, 2018, while Brazil’s LGDP was published on August 13, 2018, but only came into force on September 18, 2020.

Europe’s Data Protection Supervisor, the European Union’s independent data protection authority,  establishes the responsibilities of the Data Protection Officer (DPO).  Perhaps the key proviso for the position is to ensure that their organization processes the personal data of its staff, customers, suppliers, or any other individuals (or data subjects), under the applicable data protection rules.

The DPO must fulfill their functions independently and not receive instructions on how to perform their duties from any other person or entity.

There should be no conflict of interest between an individual’s duties as a DPO and any other responsibilities they may have that might compromise their obligations as DPO.

The data protection authority makes the following recommendations to minimize situations of conflicting interests.  The DPO should:

  1. not also control data handling activities (for example, serve as the human resources manager);
  2. not be an employee on a short-term contract;
  3. not report to a direct superior who is not a senior manager; and
  4. have the ability to manage their own budget.

Let’s examine the main tasks of the DPO:

Ensure that controllers and data owners are informed of their data protection rights, obligations, and responsibilities and raise awareness of same;
Provide advice and recommendations to the institution regarding the interpretation or application of data protection rules;
Create a register of data processing operations within the institution and notify the EDPS of those that present specific risks (so-called prior controls);
Ensure data protection compliance within their institution and assisting them in being responsible in this regard.
Handle inquiries or complaints at the request of the institution, the controller, another person, or on their initiative;
Cooperate with EDPS (respond to requests for investigations, complaints handling, inspections carried out by EDPS, etc.);
Draw the institution’s attention to any failure to comply with the applicable data protection rules.
No items found.

RECENT POSTS

ANVISA Aprova a Regulamentação de Biossimilares

June 18, 2024

Conselho Europeu Aprova Lei sobre a Inteligência Artificial

May 29, 2024

ANPD Aprova Regulamento de Comunicação de Incidente de Segurança

May 8, 2024

ANVISA Approves the Regulation of Biosimilars

June 18, 2024

European Council Approves Legislation on Artificial Intelligence

May 29, 2024

ANPD Approves Regulation on Security Incident Reporting

May 8, 2024

LINKEDIN FEED

Newsletter

Register your email and receive our updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Newsletter

Register your email and receive our updates-

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

The role of the European Union's Data Protection Officer (Encarregado)

October 12, 2020
No items found.

The position of ‘Data Protection Officer’ – established initially under the terms of the EU’s General Data Protection Regulation (GDPR) – has been imported into Brazil’s equivalent General Data Protection Law (LGDP) with the slightly peculiar title of  “Encarregado.”

The European Union’s GDPR data protection legislation came into force on March 25, 2018, while Brazil’s LGDP was published on August 13, 2018, but only came into force on September 18, 2020.

Europe’s Data Protection Supervisor, the European Union’s independent data protection authority,  establishes the responsibilities of the Data Protection Officer (DPO).  Perhaps the key proviso for the position is to ensure that their organization processes the personal data of its staff, customers, suppliers, or any other individuals (or data subjects), under the applicable data protection rules.

The DPO must fulfill their functions independently and not receive instructions on how to perform their duties from any other person or entity.

There should be no conflict of interest between an individual’s duties as a DPO and any other responsibilities they may have that might compromise their obligations as DPO.

The data protection authority makes the following recommendations to minimize situations of conflicting interests.  The DPO should:

  1. not also control data handling activities (for example, serve as the human resources manager);
  2. not be an employee on a short-term contract;
  3. not report to a direct superior who is not a senior manager; and
  4. have the ability to manage their own budget.

Let’s examine the main tasks of the DPO:

Ensure that controllers and data owners are informed of their data protection rights, obligations, and responsibilities and raise awareness of same;
Provide advice and recommendations to the institution regarding the interpretation or application of data protection rules;
Create a register of data processing operations within the institution and notify the EDPS of those that present specific risks (so-called prior controls);
Ensure data protection compliance within their institution and assisting them in being responsible in this regard.
Handle inquiries or complaints at the request of the institution, the controller, another person, or on their initiative;
Cooperate with EDPS (respond to requests for investigations, complaints handling, inspections carried out by EDPS, etc.);
Draw the institution’s attention to any failure to comply with the applicable data protection rules.
Related
No items found.

ABOUT US

Licks’ Blog provides regular and insightful updates on Brazil’s political and economic landscape. The posts are authored by our Government Affairs & International Relations group, which is composed of experienced professionals from different backgrounds with multiple policy perspectives.

Licks Attorneys is a top tier Brazilian law firm, speciallized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

ABOUT US

Licks Attorneys Compliance’s Blog provides regular and insightful updates about Ethic and Compliance. The posts are authored by Alexandre Dalmasso, our partner. Licks Attorneys is a top tier Brazilian law firm, specialized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

QUEM SOMOS

O blog Licks Attorneys Compliance fornece atualizações regulares e esclarecedoras sobre Ética e Compliance. As postagens são de autoria de Alexandre Dalmasso, sócio do escritório. O Licks Attorneys é um escritório de advocacia brasileiro renomado, especializado em Propriedade Intelectual e reconhecido por seu sucesso em lidar com grandes e estratégicos cases no país.

Follow Us on Social Media

Offices

Rio de Janeiro

Av. Oscar Niemeyer, 2000
9th floor, Aqwa Corporate
Rio de Janeiro RJ - Brazil
20220-297
Phone: +55 21 3550 3700
Fax: +55 21 3956 9444
info@lickslegal.com

Sao Paulo

Rua George Ohm, 230
Tower A CJ 112/113
Sao Paulo SP - Brazil
04576-020
Phone: +55 11 3033 3700
info@lickslegal.com

Brasilia

SH/Sul Zone 06, Unit A,
Complexo Brasil 21, Block E,
Rooms 515 and 516 – Asa Sul
Brasilia DF - Brazil
70316-902
Phone: + 55 61 3772 3700
info@lickslegal.com

Curitiba

Rua da Glória, 251, #601
Centro Cívico
Curitiba - Brazil
80030-060
Phone: + 55 41 2391 0680
info@lickslegal.com

Tokyo

Chiyoda Kaikan Bldg, 6F, 1-6-17
Kudan Minami Chiyoda-Ku
Tokyo - Japan
102-0074
Phone:+81 3 6256 8972
Fax:+81 (03) 6740 1453
japan@lickslegal.com

© Copyright 2024 Licks Attorneys

Selo COVID-19 FIRJAN e Albert Einstein
Covid-19 Safe Certified Office