Data Protection Officer "DPO": Chile and Brazil

The figure of the Data Protection Officer (DPO) has established itself as a key player in the governance and compliance with data protection regulations within organisations. Their main role consists of supervising regulatory compliance, advising on the implementation of data protection policies and acting as a point of contact with the authorities and data subjects.

In Brazil, the appointment of the DPO is regulated by the General Law on Personal Data Protection (LGPD), which recognises his or her function as a channel of communication between the data controller, data subjects and the National Data Protection Authority (ANPD).

For its part, in Chile, Law No. 21.719, which amends Law No. 19.628, incorporates this figure within the framework of the breach prevention models, establishing its designation in those cases in which organisations adopt this type of compliance mechanisms.

This analysis was prepared by Martín Basualdo, associate of the Data Protection area of ECIJA Chile, with the collaboration of Matheus Puppe, partner of ECIJA Brazil, offering a comparative view on the regulation and functions of the DPO in both jurisdictions.