THE FEDERAL PUBLIC ADMINISTRATION ISSUED A GOOD PRACTICES GUIDE FOR DATA PROCESSING

20 Apr THE FEDERAL PUBLIC ADMINISTRATION ISSUED A GOOD PRACTICES GUIDE FOR DATA PROCESSING

In the beginning of this month, the Good Practices Guide for the Implementation of the Brazilian General Data Protection Regulation (“LGPD”) by the Federal Public Administration (“Guide”), drafted by the Data Governance Central Committee, was published.

This Guide has the objective of providing orientation and guidelines advice and guidelines regarding the processing of personal data, specifically for the direct, indirect federal public administration and its agencies, in accordance with article 50 of the LGPD.

Article 50, LGPD, states that personal data processing agents, regarding their competences, are free to create good practices and governance over organization conditions, operation system, procedures, security rules, technical standards, specific obligations for the different parties involved in the processing, educative actions, internal mechanisms of supervision and risk mitigation, and any other aspects relating to personal data processing.

The public administration may act as a data processing agent, when it is the controller, which means it actively decides over personal data processing; or when it acts as the processor, for example, when it processes personal data on behalf of a controller. The processing of personal data by the public administration is provided in Chapter IV of the LGPD.

According to the Guide the processing of personal data by the federal public administration shall be based on the execution of public policies and fulfillment of legal or regulatory obligation.

The issuance of the Guide indicates a step forward for the federal public administration compliance with the LGPD, which shall encompass not only normative matters, but also cultural matters, spreading knowledge and respect regarding data subject’s rights to privacy and personal data protection.

The Guide is divided in four (4) chapters, as follows:

(i) Chapter 1. Deals with two fundamental matters for LGPD enforcement: data subject’s rights and legal grounds for processing.

(ii) Chapter 2. Refers to the processing of personal data the draft of the Privacy Impact Assessment Report.

(iii) Chapter 3. Describes the processing cycle for personal data, from the collection to the disposal.

(iv) Chapter 4. Provides the good practices related to information security.

It is the first edition of the Guide, which, later, might be adjusted and updated, mainly after the duly incorporation of Brazilian National Data Protection Authority (“ANPD”).

The Guide is available for access here.

This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from KGV Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener, Granja & Vieira Advogados.