• English
  • Español
Search
Close this search box.

The RITE and its New Personal Data Protection Adhesion Module

Through a collaborative process involving the Anti-Corruption Office (Oficina Anticorrupción – OA) and the Public Information Access Agency (Agencia de Acceso a la Información Pública – AAIP), the creation and implementation of a module dedicated to Personal Data Protection by the Registry of Integrity and Transparency for Companies and Entities (Registro de Integridad y Transparencia para Empresas y Entidades – RITE) has been promoted.

The purpose of this new personal data module is to serve as a guide for companies and organizations to strengthen their privacy strategy. Through voluntary participation, these companies and organizations can promote good practices in privacy, protection of personal data, sustainable integrity, and demonstrate and encourage compliance with current regulations.

What is the RITE? This registry is an online platform, free and voluntary to join, containing information, documents, and resources to support companies and entities in the development of their integrity programs (www.rite.gob.ar). The RITE aims to contribute to the development, improvement, and maturity of integrity programs, exchange of best practices, and the promotion of transparent environments in business and markets.

In the process of incorporating new topics, the RITE has added this module on personal data through OA Resolution 9/2023 of 23/11/2023, which provides a form that allows organizations and companies to identify the priority aspects of the information registered in RITE, as well as to strengthen good standards in privacy policies and personal data security, transparency, and sustainable integrity. The form is divided into 6 variables, each with its own indicator, including questions about the organization’s personal data protection plan and various aspects related to compliance with the Personal Data Protection Law 25.326 and good practices in the field.

In summary, the variables are:

  • Data Protection Plan: Identify how the entity organizes the personal data it collects, including categories, the role of data controller/processor, the existence of a personal data protection plan, data retention period, and whether the organization has a privacy policy (and its components).
  • Risk Assessment: Identify databases within the organization, data flow, treatment of sensitive data, organization’s legitimacy to process data, actions taken by the organization in response to security incidents, and whether impact assessments are conducted. It also analyses data transfer and international data transfer, and the use of cloud services.
  • Data Protection Area: Identify whether the organization has a designated area or person responsible for personal data protection, budget for this role/department, required training, and measures taken to ensure security. It also examines whether the organization has a Personal Data Protection Plan and how it functions considering the different roles to be executed.
  • Proactive and Demonstrated Responsibility: Identify how the organization applies personal data protection by design and by default, whether a protocol for security incidents and accident mitigation has been developed.
  • Training: Information about the organization’s internal performance when providing training to its staff on issues related to the protection of personal data (both internal and external staff, and clients).
  • Communication Channel: Identify the channels provided by the organization for data subjects to make claims and exercise their rights, as well as establish an internal mechanism to know what to request when handling inquiries.

The new module is in its initial stage and the starting date of its operation has not yet been defined. Once this is determined, Lerman & Szlak will be able to support the legal and compliance teams of those organizations and companies that wish to join and be pioneers in voluntarily adhering to the module, allowing them to strengthen their practices in sustainable integrity and personal data protection.

For more information, please access OA Resolution 9/2023 and its corresponding annex via the following link: https://www.boletinoficial.gob.ar/detalleAviso/primera/298957/20231123 

 

Gabriela Szlak (T°79 F 516) y Agustina Hagelstrom (T°139 F°344)