Acesse a versão em português

The Data Protection Officer (DPO) is the natural person or legal entity appointed by the data processing agent — either the controller or the processor — to serve as a communication channel between the processing agent, data subjects, and the National Data Protection Authority (ANPD).

 

The applicable legislation sets forth certain rules for appointing this professional and assigns the DPO a range of duties and responsibilities that are essential for ensuring the success of a data protection governance program.

 

Considering this scenario, b/luz has created the DPO Space, a place where useful information and tools will be available to help DPOs carry out their functions effectively. Explore the sections below and make the most of it!

Requirements

Requisitos

The role of the DPO was established by the LGPD (Law No. 13,709/2018) and regulated by the ANPD through Resolution CD/ANPD No. 18/2024, which approves the Regulation on the Role of the Data Protection Officer. This Regulation outlines a series of requirements for the appointment and performance of the DPO’s duties, emphasizing the importance of adhering to all of them.

return to the menu

Checklist | Compliance with the Regulation

download

ANPD’s Regulation

download

Infographic about the Regulation

download

Appointment

The DPO must be appointed through a formal act. In addition to recording the decision of appointment by the data processing agent, it is important that this document outlines the activities that will be carried out by the DPO.

return to the menu

DPO Appointment Term

download

Data Protection Governance

The DPO is a central figure in managing a data protection governance program. In addition to being responsible for interacting with data subjects, employees, vendors, and partners on data protection issues, the DPO is tasked with supporting and advising the data processing agent on strategic matters such as internal policies and procedures, oversight mechanisms, risk mitigation, and contract analysis involving data processing activities.

return to the menu

Checklist | LGPD Compliance

download

Checklist | Policies

download

Data Subject Rights Handling Flow

download

Checklist | Contract Negotiation

download

Data Mapping Template

download

Data Protection Governance Program KPIs

download

Interaction with the ANPD

The DPO is the main communication channel between the data processing agent and the ANPD. In cases where it is necessary to report information security incidents, participate in supervisory processes, or engage in other procedures with the ANPD, the DPO must demonstrate the mandate to represent the data processing agent.

return to the menu

Power of Attorney Template

download

Guide for Registration in ANPD’s Electronic Process System

download

b/luz’s recent publications

Regulation on Security Incident Communication

download

Legitimate Interest Guidelines

download

Guidelines - Role of the Data Protection Officer

download

ANPD publications

 Glossary of Personal Data Protection and Privacy





access

Guidelines - the role of the data protection officer (DPO)

access

About b/luz

We are agents of transformation in the legal ecosystem, using law and regulations as tools to promote innovation and societal development.


For more information, click the button below.

check our website

Sign up for our newsletter

*We respect your privacy and protect you personal data in accordance with our Privacy Policy.