SecurePrivacy Logo

Chilean Personal Data Protection Law

View Law Text
Maximum Fine
UTM 50
Scope
National
Regulator
Transparency Council
Enacted
1999

Need Help with Chilean Personal Data Protection Law Compliance?

Get expert guidance on implementing Chilean data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Personal Data Protection Law (Law 19.628) establishes the framework for processing personal data in Chile, protecting individuals' privacy rights while enabling legitimate data processing.

Key Facts

  • Enacted in 1999
  • Enforced by Chilean Transparency Council
  • Undergoing modernization reforms

Key Principles

Lawful Processing

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain processing records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Purpose Limitation

Data must be collected for specified and legitimate purposes.

Requirements

  • Define clear purposes
  • Document purposes
  • Limit processing scope
  • Regular reviews
  • Update as needed

Examples

  • Purpose statements
  • Processing records
  • Review documentation
  • Update logs

Data Quality

Personal data must be accurate and kept up to date.

Requirements

  • Verify data accuracy
  • Regular data reviews
  • Update procedures
  • Correction mechanisms
  • Quality controls

Examples

  • Data verification processes
  • Update procedures
  • Correction forms
  • Quality checks

Compliance Requirements

Database Registration

Organizations must register their personal data databases with the Chilean Transparency Council.

Implementation Steps

  • Identify databases
  • Complete registration forms
  • Submit documentation
  • Maintain records
  • Update when changes occur

Required Documentation

  • Database inventory
  • Registration forms
  • Submission records
  • Update history
  • Change logs

International Transfer Requirements

Requirements for transferring personal data outside Chile.

Implementation Steps

  • Assess recipient country
  • Implement safeguards
  • Document transfers
  • Monitor compliance
  • Regular reviews

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Transfer records
  • Monitoring logs
  • Review reports

Enforcement & Penalties

Administrative Penalties

The Chilean Transparency Council can impose administrative penalties for violations.

Penalty Categories

Severe Violations
Up to UTM 50
For serious breaches of data protection requirements
Processing Violations
Up to UTM 30
For unauthorized processing of personal data
Documentation Violations
Up to UTM 20
For failure to maintain required documentation

Example Cases

Financial Institution
UTM 45
2023 - Unauthorized data sharing with third parties
Retail Company
UTM 25
2022 - Insufficient security measures leading to data breach

Civil Actions

Individuals can seek damages through civil courts.

Penalty Categories

Individual Claims
Case-specific
Compensation for damages
Class Actions
Varies
Collective claims for widespread violations
Injunctive Relief
Court ordered
Orders to cease violations

Example Cases

Consumer Class Action
UTM 100
2023 - Unauthorized use of personal data for marketing
Individual Privacy Claim
UTM 15
2022 - Failure to honor data subject rights