The controller shall appoint a data protection officer to be in charge of processing personal data.
§1 The identity and contact information of the data protection officer shall be publicly disclosed, in a clear and objective manner, preferably on the controller’s website.
§2 The data protection officer’s activities consist of:
I – accepting complaints and communications from data subjects, providing explanations and adopting measures;
II – receiving communications from the national authority and adopting measures;
III – orienting the entity’s employees and contractors regarding practices to be taken in relation to personal data protection; and
IV – carrying out other duties as determined by the controller or set forth in complementary rules.
§3 The national authority may establish complementary rules about the definition and the duties of the data protection officer, including situations in which the appointment of such person may be waived, according to the nature and the size of the entity or the volume of data processing operations.
§4 (vetoed). (Included by Law No. 13,853/2019)