New inspections procedure of the national data protection authority

Bruchou & Funes de Rioja - January 12, 2021
Intellectual Property, Privacy, New Technologies and Legal Advertising

 

On December 31, 2020, Resolution No. 322/2020 of the Access to Public Information Agency (“AAPI” or “Agency”) was published, approving a new inspection procedure to assess the level of compliance of controllers and processors with current data protection regulations.

The purpose of the procedure is to audit, investigate and control the activities of data controllers and processors. All legal aspects of personal data processing operations would be covered in the inspection: legality, data quality, prior information, security and confidentiality, local and international data transfers, procedures to guarantee the rights of the data subjects. Likewise, modern data privacy aspects are taken into account in the inspections: the existence of a privacy impact assessment, the terms and conditions and/or the privacy policy of the controller and/or processor, the action of the data protection officer and the protocols for reporting security incidents to data subjects and the supervisory authority.

Furthermore, the procedure provides for two types of inspections. On the one hand, the planned ones, which are carried out annually, according to objective selection criteria that determine a group of data controllers that will be investigated. On the other, the spontaneous ones, which the Agency can initiate at its discretion, if it becomes aware of an alleged illegal activity. Although all inspections will be preceded, in principle, by a notification and a documentary request to the investigated person, said notification may be omitted if the Agency considers that it may affect the course of the investigation. In this case, the inspectors may appear directly at the address of the controller or processor.

Lastly, it should be noted that the AAPI may require a judicial authorization in advance when it could reasonably foresee that it will not obtain the necessary cooperation from the person under investigation or if it is deemed convenient for the inspection. It may also require such authorization if the person under investigation refuses to cooperate with the inspectors.

In short, the new inspection procedure modernizes old provisions of the National Direction for the Protection of Personal Data and confers new powers on the Agency, in line with the more relevant procedures of data protection authorities, such as that of the Information Commissioner’s UK Office.

Related articles

January 11, 2021
Data protection news for 2021
March 23, 2022
IP News Report #11
January 15, 2021
IP News Report #2
November 10, 2022
Legal Alert - Data protection: the National Congress ratified the accession of Argentina to the Convention 108 +
February 1, 2021
What's new in the "new" WhatsApp policies?
January 16, 2024
International Data Transfer: the European Union ratified that Argentina provides an adequate level of Data Protection
January 20, 2022
IP News Report #10
May 30, 2022
News: "Incremental Hydrocarbons’ Production”
December 28, 2023
Bill for the Bases and Starting Points for the Freedom of the Argentines: Energy
+ VER MAS