After seven years of legislative proceedings, on December 13, 2024, the law that regulates the protection and processing of personal data and establishing the Personal Data Protection Agency was published in the Official Gazette.
In previous publications, we have explained the updates and main reforms introduced by the law.
It will come into effect in 24 months, on December 1, 2026, and these are the main challenges that companies will face during the transitional period granted by the law.
- New obligations
• Entities processing data must clearly establish the legal basis for such processing, identifying and justifying each requirement with clarity.
• Transparency obligations in personal data processing, establishing a strict regime of associated duties, which implies specific requirements for privacy policies.
• Specific obligations for those processing data specially protected by the law, including sensitive data, biometric data, geolocation data, data of minors, among others.
• Obligation to maintain confidentiality, ensure data security, and notify data breaches.
• Obligations for service providers involved in personal data processing.
• Obligation to conduct data protection impact assessments under certain scenarios.
• Procedures must be implemented to allow data subjects to exercise their rights.
• A framework for international data transfers is established.
• SMEs are subject to a differentiated regime regarding security and transparency standards, as well as sanctions.
2. Sanctions regime
The most significant change is a robust catalog of 30 types of infractions and an associated sanctions framework that can reach up to 20,000 UTM in cases of “extremely serious” violations, increased in cases of recidivism. Minor sanctions are linked to failure to comply with information duties, serious sanctions to breaches of processing rules, and extremely serious sanctions to intentional data processing violations, such as when processing is carried out fraudulently.
3. Creation of the Personal Data Protection Agency
This institution, composed of three counselors specialized in the field, will oversee compliance with the new law, resolving and sanctioning violations of the regulations through administrative proceedings.
4. Infraction prevention model
Companies may choose to implement a compliance model, which is voluntary but requires, among other tasks, the development of internal processes related to the identification of personal data being processed, processing activities, and the appointment of a data protection officer who will be responsible for ensuring the proper use of personal data within the company. This compliance model is particularly suitable for companies that make intensive use of data, as once certified, it is considered a mitigating factor of liability.
How may we be of assistance to you?
This new legal framework invites all companies to review and update their internal processes regarding personal data. During this transitional period, we can assist you in the following ways:
1. We help you understand the regulations, identify the personal data you handle, and evaluate your processes.
2. We develop risk matrices and impact assessment processes, design and propose changes to your internal and external policies and procedures.
3. We assist in defining your legal bases and ensuring clear evidence of their requirements.
4. We support you in your contracts and relationships with suppliers.
5. When necessary, we develop infraction prevention models.
6. We train and advise your organization and can support the Data Protection Officer.
7. We provide comprehensive advisory services that integrate legal, technical, and change management challenges, leveraging our partnerships with the most prestigious cybersecurity providers in the Chilean market.
CONTACT
Romina Garrido
Counsel
rgarrido@prieto.cl
Carolina Soto
Associate
csoto@prieto.cl
Josefina Navarrete
Associate
jnavarrete@prieto.cl
Kilian Vargas
Associate
kvargas@prieto.cl
The information contained in this alert has been prepared for informational purposes and does not constitute legal advice*
Alonso de Córdova 4355, piso 15, Vitacura, Santiago, Chile
prieto@prieto.cl
Alonso de Córdova 4355, piso 15, Vitacura, Santiago – Chile
+562 2280 5000
prieto@prieto.cl