
Guidelines for the Formulation of the Personal Data Protection Plan

The Federal Council for Transparency has developed guidelines for the design of a Personal Data Protection Plan for the Public Sector.

December 19, 2023

The Argentine Government plays a significant role in the collection, storage, and processing of personal data, which constitute a strategic asset for public organizations.

In this context, the Federal Council for Transparency has issued guidelines for the formulation of a Personal Data Protection Plan for the Public Sector (the "Guidelines"). The purpose of these Guidelines is to assist public organizations in effectively managing their personal data.

The Guidelines emphasize the importance of documenting the Personal Data Protection Plan and conducting regular reviews and audits of that plan.

Among other considerations, the Guidelines provide that the Personal Data Protection Plan should: (i) establish the objectives of the organization regarding the protection of personal data; (ii) identify applicable regulations; (iii) outline the methods of collecting personal data, the types of data to be collected, and their internal flow; (iv) define the legal bases for data processing; (v) describe the measures taken to ensure the security of personal data; (vi) set retention periods; and (vii) establish an action plan for security incidents, including notifying authorities and affected individuals.

Additionally, the Guidelines underscore the essential nature of the privacy policy in the Personal Data Protection Plan, emphasizing that this document enables public entities to fulfill their duty to inform. Regarding its content, the Guidelines recommend using as a guide the Argentine Data Protection Authority’s Resolution No. 40/2018, which approves the template of the data protection policy for the public sector.

Furthermore, the Guidelines highlight the frequent hiring of foreign data hosting service providers, indicating that data controllers must execute the corresponding data processing agreements.

Finally, the Federal Council for Transparency emphasizes that, while the Guidelines serve as guidance, each organization and province should tailor them to the challenges and realities existing in their jurisdiction.