Peru: Implemented Regulation of the Personal Data Protection Law including cybersecurity requirements
Description
Implemented Regulation of the Personal Data Protection Law including cybersecurity requirements
On 30 March 2025, the Regulation of the Personal Data Protection Law (Law no. 29733), which is intended to enable the adequate implementation of the Law, was implemented. The Regulation sets out in detail the content of the cybersecurity obligations established by the Law, including detailing requirements for secure data processing, security and access controls, and rules for automated copying and reproduction of documents. The Regulation also refers to Peruvian technical standards based on ISO/IEC standards as possible references for a number of obligations.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government