The Federal Administration of Public Revenue (recently rebranded as the “Revenue and Customs Control Agency”) has appointed National Director Dr. Eduardo Hernán Cimato as its first Data Protection Officer.
At Lerman & Szlak, we commend Dr. Cimato’s appointment, recognizing his extensive experience in the field, having served as National Director of Data Protection (2018-2023) and Interim Head (2021-2022) of the Public Information Access Agency (AAIP).
The DPO role, originating from European regulations, functions as a “compliance guardian for data protection within organizations.” The responsibilities typically assigned to a DPO, which were incorporated into the 2023 Draft Personal Data Protection Bill (Argentina), include the following:
- Informing, training, and advising organizations on their legal obligations regarding data protection,
- Ensuring and supervising regulatory compliance,
- Collaborating with the relevant Authority and acting as a liaison between the organization and the Authority.
We celebrate this decision as it strengthens transparency in the management of citizens’ personal data by public agencies. Notably, for any organization that processes large volumes of personal data or sensitive data, whether public or private, appointing a DPO, even if not yet mandatory in Argentina under current regulations, raises protection standards. Furthermore, this can help mitigate risks associated with potential legislative changes or, for private entities, allow them to be better suited for expansion into countries or regions with higher data protection standards.
Other countries in the region have acknowledged the DPO’s benefits by incorporating this role into their regulations, as in Brazil and Uruguay. Recently, Chile also introduced the DPO role in its new legislation approved in August this year.
In Argentina, this appointment aligns with the recommendations of AAIP´s Resolution 40/2018, which approves the “MODEL DATA PROTECTION POLICY FOR PUBLIC AGENCIES.” This resolution serves as a foundational guideline for designing data protection policies for public entities handling personal data and recommends not only the design of a policy for the processing of personal data but also its dissemination to the public. It further advises agencies to appoint an in-house DPO responsible for “implementing and monitoring compliance with internal data protection policies.”
Finally, even if an organization or company lacks the obligation or resources to appoint a DPO, it is recommended that they at least designate an area responsible for privacy and data protection matters. Additionally, organizations should establish appropriate channels and assign personnel responsible for receiving and responding to data subjects’ requests to exercise their rights.
We extend our congratulations to Dr. Cimato on this appointment and wish him great success in his new role!
If your organization requires advisory services in privacy and data protection, please feel free to contact us at info@lermanszlak.com.
Gabriela Szlak
T° 79 F° 516 CPACF
1- The appointment was made through Provision 173/2024, published on October 4th, 2024, in the Official Gazette.
2- Spain’s Data Protection Authority. Available in Spanish at: https://www.aepd.es/prensa-y-comunicacion/blog/que-es-un-delegado-de-proteccion-de-datos#:~:text=Esta%20figura%2C%20conocida%20popularmente%20como,desarrollan%20las%20Autoridades%20de%20Control.
3- Available in Spanish at: https://www.argentina.gob.ar/sites/default/files/mensajeyproyecto_leypdp2023.pdf.
4- Available in Spanish at: https://www.boletinoficial.gob.ar/detalleAviso/primera/187739/20180706.