Accept and respond to complaints and communications from the holders of personal data, in accordance with the rules on the exercise of rights provided for in Law No. 13.709/2018 - General Data Protection Law;

​

​

Carry out institutional communication between the National Data Protection Authority;

​

​

Provide guidance on matters regarding the practices, measures and actions to be taken in relation to the protection of personal data in the context of its processing activities.

​

​

Guide in periodic reviews of the personal data protection impact report (DPIA - Data Protection Impact Assessment), that is, in the documentation that contains the description of the processing of personal data that can create risks to civil liberties and fundamental rights, as well as risk mitigation measures, safeguards and mechanisms.

​

​

Guide in periodic reviews of the "LIA" (legitimate interests assessment), that is, in the assessment of risks based on the context and specific circumstances of the treatment activities that involve the legitimate interest.

​

​

Guide in periodic reviews of the Information Security Incident Response Plan, that is, in the document that should establish the procedure for managing situations after the identification of the occurrence, or mere suspicion, of an information security incident involving data to combat risks and minimize any effects related to incidents of this nature.

​

​

Guide the constant registration and monitoring of their personal data processing activities, as provided for in article 37 of Law No. 13.709/2018 - General Data Protection Law.

​

​

Guide and train members of the organization in the application of technical and organizational measures of information security and corporate governance capable of protecting Personal Data.

​

​

Preparation of in-company courses and lectures, enabling awareness, training and creation of a culture aimed at data protection and privacy within the organization.