Professional Documents
Culture Documents
personal information of individuals in both the public and private sectors. Below is a
summary of its key provisions
Scope: The law applies to the processing of personal information in both government
and private sectors.
Definition of personal information: The law defines personal information as any
information that can identify an individual, such as name, address, email, phone
number, ID number, and biometric information.
Consent: The law requires organizations to obtain the consent of the individual before
collecting, processing, or disclosing their personal information.
Rights of the data subject: The law grants individuals the right to be informed,
access their personal information, object to processing, and have their data corrected
or deleted.
Security measures: Organizations are required to implement reasonable and
appropriate security measures to protect personal information against unauthorized
access, use, or disclosure.
Breach notification: Organizations are required to notify the National Privacy
Commission and affected individuals in case of a data breach that may pose a risk to
their rights and freedoms.
Data protection officer: Organizations are required to appoint a data protection
officer to oversee compliance with the law.
Penalties: Violations of the law may result in fines, imprisonment, or both, depending
on the severity of the offense.