On December 7, 2020, Resolution No. 304 was published in the Official Gazette by which the Council for Transparency approves the “Updated and consolidated text of the recommendations of the Council for Transparency on the protection of personal data by the organs of the State Administration and replaces text that indicates” (the Recommendations).
The Recommendations are intended to guide the concrete application of the new fundamental right to the protection of personal data, in addition to providing legal criteria to the State Administration bodies in the processing of personal data carried out within the scope of their competences, in order to comply with the legal obligations they have as data controllers, in accordance with the provisions of Law No. 19,628 and other relevant regulations.
The Recommendations, by way of introduction, develop definitions (personal data, sensitive data, register or database, data controller, data processing, data processor, sources accessible to the public, out-of-date data, statistical data and data dissociation); describe the guiding principles of data processing (lawfulness, quality, duty of information, security, confidentiality and special protection of sensitive personal data); and state the rights of the holders of personal data (access to their own data, rectification or modification, cancellation or deletion and blocking of data).
Then, the Recommendations provide guidance on various matters involving the State administration bodies with respect to the personal data of their holders. In this sense, they are addressed individually:
i) Procedure and form for the exercise of rights, as well as limitations to their exercise;
ii) Specific obligations when processing the data;
iii) Special rules for the processing of sensitive personal data;
iv) Processing of personal data relating to crimes, administrative infringements or disciplinary offences;
v) Obligation to register the databases in the Registry of Personal Data Banks in charge of Public Bodies;
vi) Communication or transmission of personal data;
vii) Processing of data through a data processor;
viii) Security measures of data banks or registries;
ix) Obligations in case of data processing for surveys, market studies and opinion polls;
x) Liability for infringements and right to indemnification;
xi) Data protection officer; and
xii) Recommendations on personal data protection by design.
In case you require additional information on this matter, you may contact Jorge Tisné (firstname.lastname@example.org).