Who is the DPO?

(Data Protection Officer)
Imagens email
Imagem documentos

A data protection officer (DPO) is a position assigned to someone who takes care of and treats the client's information carefully. The role of a data protection officer has been formally established by the European Union as part of its General Data Protection Regulation (GDPR).

According to the Regulation, companies that have a certain size and market goods or services to EU customers (collecting data as a result of such activity) should appoint a data protection officer.

The data protection officer maintains laws and practices around data protection, performs privacy assessments internally, and ensures that all other data compliance issues are up to date.

What are the responsabilities of the DPO?

  • Issuing opinions on legal provisions and national, community and international legal instruments concerning the processing of personal data
  • Authorizing or registering the processing of personal data
  • Authorizes, in exceptional cases, the use of personal data for non-determining purposes of collecting
  • Authorizes, in exceptional cases, the interconnection of personal data processing
  • Authorizes the international transfer of personal data
  • Fixes the data retention period, depending on its purpose
  • Ensures the right of access, rectification and updating
  • Authorizes the setting of costs or periodicity for exercising the right of access
  • Establishes maximum deadlines for compliance with exercising the right of access, in each activity sector
  • Responds to requests made by any person, or the association that represents the person, for the protection of their rights and freedom (regarding the processing of personal data) and informs about the result
  • Verifies, at the request of any person, the lawfulness of a data processing (in the case of indirect access) and informs of the completion of the verification
  • Evaluate complaints or petitions from individuals
  • Ensures representation at common supervisory bodies for the protection of personal data and exercises representation and oversight functions within the framework of the Schengen and Europol systems
  • Decides on the imposition of fines
  • Promotes and appreciates codes of conduct
  • Promotes the disclosure and clarification of data protection rights
  • Issues directives, regarding data retention period, security measures and codes of conduct

I want to be compliant