Request A Demo Login Now Sign up to DataGuidance Alerts DataGuidance DataPrivacy Index Cookie Consent Guide Data Protection Law & Policy Download a DataGuidance Brochure DataGuidance Videos

Testimonials

Anyone managing privacy and data protection on a global scale would find DataGuidance very informative in content, with quick access to essential information and a good way to manage external costs.
Mikko Niva Director, Privacy, Nokia
RSS feed of this page Updated: 28/03/2013 
Sharing disabled by cookie consent preference.
Privacy This Week powered by DataGuidance

back to Privacy This Week

Latin America: Peru issues rules on database data processing requirements

Peru issued - on 22 March 2013 - Regulations implementing its Personal Data Protection Law (Law No. 29733), which was enacted in July 2011. The Regulations establish rules on a variety of topics including consent, data transfers, security measures and sanctions.

Erick Iriarte, Partner and Head of Information Technology Law at Iriarte & Asociados, told DataGuidance: "The Regulations will take effect within 30 business days after publication. The National Data Protection Authority has authority over all databases containing personal data processed in Peruvian territory, whether the processing is performed by the data processor, owner, officer, manager or the person responsible for administration of a personal data database".

Article 12 of the new Regulation states that consent, which must be obtained prior to data collection, must be unequivocal, informed and expressly and freely given. Data controllers must inform individuals - using clear and simple language - about the identity of the data controller, the purposes for data processing, the identity of the recipients of the data, the consequences of providing personal data or refusal to do so, and, where necessary, whether any national or international transfers are to be made.

If individuals opt-out of the data processing, data controllers have a maximum of five days to honour said opt-out, with measures in place to ensure opt-out is simple and fast. If the opt-out affects the entire processing of personal data, the controller must ensure the relevant individual's data is deleted.

The Regulations state that intra-group transfers will be considered compliant with personal data processing requirements if there is an internal code of conduct based on the guiding principles of the Law. Cross border data transfers are possible where the recipient of the personal data undertakes the same obligations as the data controller or if the data controller uses contractual clauses or other legal instruments to set out at least the same obligations. Any cross border data transfers must be reported to the Peruvian Data Protection Authority.

Iriarte said: "The Regulations set a deadline of two years for databases created before the effective date of the Regulation to comply; those created after the enactment itself must be in accordance with the Law. This Regulation should reduce smuggling of personal data, benefit citizens in their relation to companies and public bodies in the exchange of data."


© 2014 Cecile Park Publishing Ltd. All rights reserved

Sharing disabled by cookie consent preference.




Other News

  
© 2014 Cecile Park Publishing Ltd. Privacy Policy | Terms and Conditions | Sitemap
Address: 17 The Timber Yard, Drysdale Street, London, N1 6ND, UK | Phone: +44 (0)20 7012 1380 | Email: info@dataguidance.com