On August 26, 2024, Chile took a significant step in protecting the privacy rights of its citizens with the approval of the new Personal Data Protection Law. This law, which aligns national standards with those of the European Union’s General Data Protection Regulation (GDPR), seeks to regulate the processing of personal data and strengthen privacy guarantees for the owners of such data
Alignment with GDPR standards: Anonymization and pseudonymization
Since the new Chilean law is based on European legislation, it explicitly incorporates anonymization and pseudonymization as recommended practices for the secure processing of personal data. These methods are presented as essential tools to comply with the strict requirements of the law.
Anonymization refers to the process by which personal data is modified in such a way that it is impossible to associate it with an identifiable person. This process ensures that even if data is accessed in an unauthorized manner, it cannot be used to identify an individual.
On the other hand, pseudonymization involves replacing direct identifiers of personal data (such as names or identification numbers) with pseudonyms or other alternative values. Although it does not eliminate the possibility of re-identification, it significantly reduces the risks associated with handling personal data, allowing its use in analysis and other activities with a lower risk to privacy.
Both practices are recommended by the new law as ways to minimize the risk in the processing of personal data while facilitating compliance with the regulations.
Impact of the new law on companies and data holders
The implementation of this law brings with it important implications for companies that handle personal data. These organizations will have to adopt measures such as anonymization and pseudonymization to protect the information they manage, ensuring that it is only used for authorized purposes and under strict security conditions.
In addition, the law strengthens the rights of data owners, who will now be able to exercise clearer rights such as access to their data, rectification of inaccuracies, deletion of information, opposition to its processing and portability of their data to other providers.
It should be noted that the law will come into force 24 months after its publication, a period that will allow all those responsible for the processing of personal data to adapt to this new regime. During this period, companies must review and adjust their internal processes to comply with the new legal requirements, while the Personal Data Protection Agency, created by this law, will monitor compliance with the regulations and apply sanctions in case of non-compliance, which can reach up to 20,000 UTM, one of the highest fines in Chilean legislation.
Conclusion
The enactment of Chile’s new Personal Data Protection Law is a game-changer in the way personal information is managed across the nation. By incorporating tools such as anonymization and pseudonymization, companies not only comply with the law but also reinforce the trust of their users and contribute to a safer digital environment.
This legislative advance not only protects individuals but also positions Chile as a country with high data protection standards, facilitating the international transfer of data and promoting a robust and reliable digital economy. It is time for all organizations to review and adapt their data management practices, thus ensuring compliance with this regulation and the effective protection of the privacy of their users.
