What is a DPO, and which organizations have to appoint one?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on the processing of personal data, such as its purposes, interconnections, types, categories of data subjects, length of retention, and the department(s) in charge of implementing the processing. DPOs may be required by law or recommended.
Brazil does not currently require DPOs. That said, once Brazil’s new General Data Privacy Law goes into effect in early 2020, data controllers (i.e. employers) will be responsible for appointing an officer to be in charge of processing employees’ personal information.
The DPO will be responsible for communicating with employees (and other data subjects) on questions and complaints relating to their personal data. In addition, the DPO is responsible for adopting data protection measures, receiving communications from the national authority, and managing data protection practices for the organization (including preparing employees and contractors). More rules and responsibilities will likely be outlined prior to the law going into effect.
The DPO’s identity and contact information should be publicly available, ideally on the company website.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.