On December 13, 2024, Law 21,719 was published, regulating the Protection of Personal Data and creating the Personal Data Protection Agency. This law amends the previous Law 19,628 and establishes a new legal framework for the processing of personal data, guaranteeing the right to privacy and adapting it to the digital environment. This law will take effect on December 1, 2026.
This law grants data subjects the rights of access, rectification, erasure, blocking, and deletion, which, without prejudice to already being covered by Law 19,628, are regulated in greater detail.
There are new obligations for data controllers, including transparency, the duty of secrecy or confidentiality, the duty of protection by design and by default, the duty to adopt security measures, and the duty to report breaches of security measures.
For data subjects, a new right is introduced, namely data portability, which allows them to request and receive a copy of their data and have it transferred from one controller to another.
Another innovation lies in the creation of a Personal Data Protection Agency, whose main purpose is to ensure the protection of rights that guarantee individuals’ privacy and personal data.
Its powers include: monitoring compliance with the law, determining infringements and non-compliance by data controllers, and resolving complaints from data subjects, among others.
Infringements committed by data controllers are classified as minor, serious, and very serious, with fines ranging from 5,000 UTM to 20,000 UTM.
On the other hand, the National Registry of Sanctions and Compliance is created, administered by the Agency, which is publicly accessible and aims to register those responsible who have been sanctioned for violating the law and also to register those who have adopted models for the prevention of violations.
Ontier LLP is authorised and regulated by the Solicitors Regulation Authority, registration number OC327289. Legal Notice
