Chile: Introduced Personal Data Protection Law including data protection regulation

On 15 March 2017, Chile’s Data Protection Law was introduced into the Congress. The law will apply to any individual or entity -private or public- in Chile. Individuals will have the right to request access, rectification, deletion, blocking, and sharing of personal data. Consent must be communicated in written form and may be revoked at any time. Some exceptions exist when consent is not needed to process personal data, such as if it concerns a financial or banking obligation or is necessary as part of a contract. In addition, the controller must communicate to the data subject the type of data collected and the legal basis for collection. The data collected needs to be specific and limited to the explicit purpose. If data is requested, it must be delivered promptly, clearly, concisely, and accurately. Finally, controllers are expected to adopt reasonable steps to ensure data security and to provide confidentiality. Specific requirements on sensitive personal data, such as health or minor data, are also specified.