JANUARY 28, 2020

Data Protection Impact Assessment Guideline

CIRCULARS

CIRCULAR

Data Privacy & Data Protection Department Report | Data Protection Impact Assessment Guideline

Dear Sir or Madam,

On today’s date, the Data Protection Impact Assessment Guideline (the “Guideline”) was published, which was jointly prepared by the highest data protection authorities in Argentina and Uruguay, the Agency of Access to Public Information and the Regulatory and Personal Data Control Unit, respectively.

The Guideline aims to guide public organizations and private companies to identify and minimize potential risks in the treatment of personal data that may occur in their usual activities from an early stage.

For its preparation, the most recent laws and guidelines were considered, particularly the laws of the member states of the European Union and of the States parties to the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data which was signed and ratified by both Argentina and Uruguay.

The Guideline aims to serve as a didactic manual to evaluate how data processing is performed in each organization, identifying the risks, their probability of materialization and the possible impacts.

In addition, it establishes patterns to measure the levels of each risk and the execution of an action plan to mitigate each risk.

The Guideline, which is available in the following link, is proposed as a reference not only for public organizations and private companies in Argentina and Uruguay but also for the entire region.

Please, do not hesitate to contact us should you require any additional information on this matter.

Sincerely,

 

Emilio Beccar Varela

Florencia Rosati