Privacy Law at Nicaragua
Nicaragua's primary data protection legislation is Law No. 787, enacted on March 29, 2012, titled Ley de Protección de Datos Personales (Law on the Protection of Personal Data). This law regulates the collection, processing, storage, and security of personal data, aiming to protect individuals' privacy rights and ensure lawful data handling practices.
Key Provisions of Law No. 787
1. Data Collection and Consent
Personal data may only be collected for legitimate, specific purposes and must be adequate, relevant, and not excessive in relation to those purpose. Data controllers are required to obtain the explicit consent of individuals before collecting or processing their personal data, except in certain circumstances such as legal obligations or judicial mandate.
2. Rights of Data Subjects
Individuals are granted several rights concerning their personal data, including:
Right to Access The right to obtain confirmation of whether personal data concerning them is being processed and, if so, access to that data.
Right to Rectification The right to request correction of inaccurate or incomplete data.
Right to Deletion The right to request deletion of personal data when it is no longer necessary for the purposes for which it was collected.
Right to Object The right to object to the processing of their personal data under certain condition.
Right to Portability The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
3. Obligations of Data Controllers
Entities that collect or process personal data are required t:
Register Data Files Maintain a registry of data files with the Directorate for the Protection of Personal Data.
Implement Security Measures Adopt appropriate technical and organizational measures to protect personal data.
Ensure Data Accuracy Take reasonable steps to ensure the accuracy of personal data and update it when necessary.
Notify Data Breaches Inform the Directorate and affected individuals promptly in the event of a data breach.
4. Regulatory Authority
The Directorate for the Protection of Personal Data (DIPRODAP) is the designated authority responsible for overseeing compliance with data protection laws in Nicaragua. DIPRODAP is tasked wit:
Monitoring and enforcing data protection regulation.
Providing guidance to data controllers and individuals regarding their rights and obligation.
Imposing sanctions for non-compliance, including warnings, suspension of data processing operations, and closure of data file.
5. International Data Transfers
The law permits the transfer of personal data to other countries only if the recipient country provides adequate protection for the data. Transfers are also allowed in cases of international judicial cooperation, health-related data exchanges, or when required by international treaties ratified by Nicaragua.
⚠️ Implementation Challenges
Despite the enactment of Law No. 787, the effective implementation of data protection practices in Nicaragua has faced challenge:
As of the latest available information, the DIPRODAP has not been fully established, hindering the enforcement of data protection regulation.
There is no mandatory requirement for organizations to notify data breaches, potentially delaying responses to incident.
The law does not specify minimum or maximum penalty amounts for violations, leading to potential inconsistencies in enforcement.
✅ Compliance Recommendations for Organizations in Nicaragua
Organizations operating in Nicaragua should:
Obtain Explicit Consent Ensure informed and explicit consent is obtained from individuals before collecting or processing their personal data.
Register Data Files Maintain a registry of data files with the Directorate for the Protection of Personal Data.
Implement Security Measures Adopt appropriate technical and organizational measures to protect personal data.
Ensure Data Accuracy Take reasonable steps to ensure the accuracy of personal data and update it when necessary.
Prepare for Data Breaches Develop and implement procedures to promptly respond to data breaches and notify affected individual.
Monitor Regulatory Developments Stay informed about developments in data protection regulations and enforcement practices in Nicaragua.
RELATED Blog
0 comments