Why Do You Need a DPO in Chile?
Law No. 19.628 on the Protection of Private Life and the new Law No. 21.719 (2024) establish clear obligations for organisations that process personal data in Chile. The new Personal Data Protection Agency (Agencia de Proteccion de Datos Personales) will oversee compliance and can impose significant penalties for non-compliance.
Having a Data Protection Officer (DPO) allows your organisation to manage these requirements professionally and in a structured manner, without hiring a full-time specialist.
What Is an Outsourced DPO?
An outsourced DPO is a certified professional who assumes the functions of Data Protection Officer for your organisation as a managed service. This offers you:
- Specialised expertise — Certified professionals with in-depth knowledge of Chilean data protection legislation
- Reduced cost — A fraction of the cost of a full-time internal DPO
- Immediate availability — No recruitment processes or training periods
- Independence — Objective and impartial advice, as required by regulations
Outsourced DPO Responsibilities
Our outsourced DPO service for Chile includes:
- Data processing registration — Management of registration with the Personal Data Protection Agency, including mandatory data processing records under Law No. 21.719
- Impact assessments — Risk analysis and personal data protection impact assessments as required by the new framework
- Policies and procedures — Development and maintenance of privacy, consent and data processing policies aligned with Law No. 19.628 and Law No. 21.719
- ARCO rights handling — Management of access, rectification, cancellation and opposition requests from data subjects
- Training — Regular staff training on personal data protection
- Incident management — Security breach notification protocol to the Personal Data Protection Agency
- Internal audits — Regular compliance reviews and report generation
Legal Framework in Chile
The outsourced DPO service covers compliance with:
- Law No. 19.628 — On the Protection of Private Life (Ley sobre Proteccion de la Vida Privada)
- Law No. 21.719 — New Personal Data Protection Law (2024), with GDPR-inspired provisions
- Law No. 21.459 — Computer Crimes Law (Ley de Delitos Informaticos), aligned with the Budapest Convention
- NCG 311 — CMF cybersecurity regulation for financial institutions
How Does It Work?
Initial Assessment
We conduct a comprehensive assessment of your current compliance status against Law No. 19.628, Law No. 21.719 and applicable regulations.
Action Plan
We design a prioritised remediation plan with clear timelines and deliverables to close identified gaps.
Ongoing Management
We assume DPO functions with monthly reports, request handling and regulatory updates.