With the recent approval of the Personal Data Protection Bill, Alessandri Abogados organised a breakfast for clients, with the aim of informing about the most relevant aspects of the new regulation and answering doubts about its implementation and compliance. 


During the day, topics that affect companies that manage personal data were addressed, such as the new obligations related to the protection of sensitive data, risk assessment and the severe penalties that the law establishes for those who do not comply with the new requirements.

 

Macarena Gatica, partner at Alessandri Abogados, opened the presentation and gave a comprehensive overview of the new legislation, ‘this law marks a before and after in terms of personal data protection in Chile. It addresses in depth issues such as personal data, sensitive data, and new categories of data, such as biometric and geolocation data,’ she said, also referring to the importance of consent, ’consent can no longer be ambiguous; it must be unambiguous. 


Rodrigo Velasco, also a partner at the firm, introduced the concepts of lawfulness grounds and risk management, ‘it is crucial that companies identify the lawfulness grounds under which they will process data. Consent is only one of them, but there is also contract and legitimate interest,’ said Velasco. He also referred to the sanctioning regime established by the law: ‘the sanctions are severe and can reach up to 4% of annual revenues in cases of very serious infringements, which highlights the need for a robust preventive model’. 


Rodrigo Velasco also addressed the role of the Data Protection Officer (DPO), a mandatory figure under the new law, who will be responsible for ensuring regulatory compliance within organisations and implementing preventive measures to avoid sanctions. 


The breakfast concluded with a question and answer session, where attendees showed great interest in how the law will affect their operations and what steps they need to take to adapt to the new requirements. The new Personal Data Protection Law implies a profound change in the way companies will have to manage personal information, making it necessary for them to adopt stricter and more robust compliance models to avoid sanctions and ensure data security. 

The deadline for the implementation of this law is 24 months, during which companies must adapt their procedures and policies to comply with the new requirements and effectively protect the rights of data subjects.