Privacy Law at Chile

10 Apr 2025 --
0 Comments

Chile's new Personal Data Protection Law (Law No. 21.719), published on December 13, 2024, introduces comprehensive reforms to the country's data protection framework. Set to take effect on December 1, 2026, this law aligns Chile's standards with international regulations like the EU's General Data Protection Regulation (GDPR).

🇨🇱 Key Highlights of Chile's Personal Data Protection Law

1. **Creation of the Personal Data Protection Agency (PDPA)*

2. **Expanded Rights for Data Subjects*

Individuals are granted enhanced rights, includin:

Right to Access Obtain information about their personal data held by organization.

Right to Rectification Correct inaccurate or incomplete dat.

Right to Deletion Request the removal of their data under certain condition.

Right to Object Refuse the processing of their dat.

Right to Portability Transfer their data to another service provide.

3. **Legal Bases for Data Processing*

Organizations must establish a valid legal basis for processing personal data, such a:

Consent Explicit permission from the data subjec.

Contractual Necessity Processing required to fulfill a contrac.

Legal Obligation Compliance with a legal dut.

Legitimate Interest Processing based on the organization's legitimate interests, provided these do not override the data subject's right.

4. **Obligations for Data Controllers and Processors*

Entities handling personal data mus:Implement appropriate technical and organizational measures to ensure data securit.Maintain confidentiality of personal dat Conduct Data Protection Impact Assessments (DPIAs) when processing activities may impact individuals' right. Establish procedures for data subjects to exercise their right. Notify the PDPA and affected individuals of data breaches without undue dela.

5. **International Data Transfers*

Transfers of personal data outside Chile are permitted under the following condition: To countries or organizations that provide adequate levels of data protectio. Under contracts that include standard contractual clauses ensuring data protectio. With the explicit consent of the data subjec.

6. **Sanctions for Non-Complianc*

Violations of the law can result i:

Minor Infractions Fines up to 5,000 UTM (approximately USD 387,000.

Serious Infractions Fines up to 10,000 UTM (approximately USD 775,000.

Very Serious Infractions Fines up to 20,000 UTM (approximately USD 1.55 million) or 4% of annual revenu. In cases of repeated violations, fines can be increased up to three times the original amoun.

🛠️ Transition Period and Compliance Preparatin

With the law's implementation scheduled for December 2026, organizations have a two-year period o: Review and update data processing practics. Implement necessary technical and organizational measurs Establish or update data protection policis. Designate Data Protection Officers (DPO). Develop and maintain records of data processing activitis.

This transition period provides an opportunity for organizations to align their data protection practices with the new legal requirements and avoid potential penaltis.

✅ Summay

Chile's Personal Data Protection Law represents a significant advancement in safeguarding individuals' privacy righs Organizations operating in or engaging with Chilean data subjects must prepare for the law's implementation by enhancing their data protection frameworks and ensuring compliance with the new regulatios.