THE ROLE OF THE DATA PROTECTION OFFICER IN THE POST-LGPD CORPORATE STRUCTURE
DOI:
https://doi.org/10.56238/levv16n55-060Keywords:
LGPD, Data Protection Officer, Personal Data Protection, Information Governance, Digital ComplianceAbstract
This article presents a critical analysis of the strategic role of the Data Protection Officer (DPO) within the organizational structure of Brazilian companies following the enactment of the General Data Protection Law (LGPD). It historically contextualizes the legislation and its relationship with the European Union’s General Data Protection Regulation (GDPR), highlighting the influence of international standards on the formulation of the Brazilian law. The impact of the LGPD on corporate governance is examined, emphasizing the structural adjustments necessary to ensure regulatory compliance, transparency, and the strengthening of data subjects’ trust. The study outlines the responsibilities of the DPO and their function as an intermediary between the company, data subjects, and the National Data Protection Authority (ANPD), addressing the technical, legal, and interpersonal competencies essential for performing this role. It also discusses the challenges related to integrating this professional into the strategic and operational processes of organizations, as well as recommended practices in information governance, digital compliance, and risk management, with an emphasis on the importance of an organizational culture focused on ethics, security, and the protection of personal data. It concludes that the DPO should not be understood merely as a legal requirement but as a strategic agent essential for corporate sustainability and for the establishment of responsible and competitive business environments in a context of increasing appreciation of privacy.
Downloads
References
BRASIL. Lei nº 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Diário Oficial da União, Brasília, DF, 15 ago. 2018.
BIONI, Bruno Ricardo. Proteção de dados pessoais: a função e os limites da autodeterminação informativa no Brasil. 2. ed. São Paulo: Revista dos Tribunais, 2020.
DONEDA, Danilo. Da privacidade à proteção de dados pessoais. Rio de Janeiro: Forense, 2021.
MONTEIRO, Fabrício da Mota Alves; OLIVEIRA, Renato Leite Monteiro. Manual de proteção de dados: a LGPD na prática. São Paulo: Revista dos Tribunais, 2020.
PECK, Patrícia. LGPD Comentada: Lei Geral de Proteção de Dados Pessoais. 2. ed. São Paulo: Thomson Reuters Brasil, 2021.
CAVALCANTI, Maurício. Governança da informação: LGPD, ISO 27701 e boas práticas. São Paulo: Senac, 2022.
AUTORIDADE NACIONAL DE PROTEÇÃO DE DADOS (ANPD). Guias, recomendações e orientações técnicas. Disponível em: https://www.gov.br/anpd/. Acesso em: maio 2025.
GIL, Antônio Carlos. Métodos e técnicas de pesquisa social. 7. ed. São Paulo: Atlas, 2019.
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO). ISO/IEC 27001:2013 –Information security management systems. Geneva: ISO, 2013.
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO). ISO/IEC 27701:2019 – Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Geneva: ISO, 2019.
