The first step towards recognizing the profession of Data Protection Officer (DPO) in Brazil, which was introduced by the definition contained in Article 5, VIII of the Brazilian Data Privacy Act (LGPD) – Statute #13,709/2018. This step was taken with its inclusion in the Brazilian Classification of Occupations (CBO), created by Ordinance #397 of October 10, 2002.
Although the CBO does not have the power to regulate a profession, since it catalogs professions both regulated by law and with free professional practice, it does serve as a starting point to give visibility to this function that will gain greater or lesser relevance depending on how the National Data Protection Authority (ANDP) acts in the country; after all, companies will only begin to invest in such a function if they actually need a specialized professional.
In addition, one still must consider what the future of the Brazilian DPO will be, given that, in the country, this role is still limited to serving as an intermediary between the company, the ANPD and the data subjects, which is very far from the job description of a DPO in Europe or a Chief Privacy Officer (CPO) in the US, acting exclusively for their purpose and whose duties involve, among others, creating and managing a strategic privacy program; ongoing tracking process, investigation and reporting, and the like.