On December 31, 2020, the Argentine Data Privacy Office ‑Agency for Access to Public Information- issued Resolution 322/2020 (“Resolution 322”) which repealed the inspection procedure foreseen by Disposition 55/2016 and approved the Inspection Guide and the Legal and Technical Guidelines for the Inspection Procedure on Data Privacy matters.
The documents approved by Resolution 322 not only established the aspects to be considered by the inspectors on data privacy matters, but also aim at strengthening and adapting the inspection procedure to the current structure of the Regulator and making it more efficient.
Among the most relevant aspects that will be considered at the time of the inspection is the impact assessment on data privacy conducted by the Data Controller, the terms and conditions and privacy policies undertaken by the Data Controller, and the notification system for data subjects and Argentine Data Privacy Office in case of security incidents.
Moreover, and among other issues that are regulated by Resolution 322, two types of inspections are foreseen, the “Planned” and the “Spontaneous”. The first are those inspections that are part of the annual plan of the Directorate of the Agency for Access to Public Information — and proposed by the National Directorate for the Protection of Personal Data — and the second refer to those that are relevant to the Regulator, motivated by the negative impact that the processing of personal data could have on the right to privacy and protection of personal data and/or the receipt of a complaint for alleged unlawful activity.
For further information please contact us at [email protected]