Support Centre

Dominican Republic


Law: Law No. 172-13 on the Comprehensive Protection of Personal Data Contained in Archives, Public Registries, Databases or Other Technical Means of Data Processing Used for Reporting, Whether Public or Private 2013 (only available in Spanish here) ('the Law')

Regulator: There is no general data protection authority.

Summary: The Dominican Constitution (only available in Spanish here) provides for the right to the protection of personal data in public or private records under Article 44(2). In addition, the Law provides that data controllers and processors must comply with certain principles, including data security, professional secrecy, data quality and data loyalty. The Law does not require the notification or registration of databases, however, it establishes data subject rights and sanctions for violations of its provisions. Although there is no general data breach notification requirement under the Law, the Dominican Telecommunications Institute ('INDOTEL') requires the adoption of security measures, classified as basic, medium, or high depending on the type of information, and the notification of data breaches if they occur. Under the Law, the Banking Authority is responsible for supervising the data processing activities of credit information companies.

Lastly, Bill 00636-2021 On Cybersecurity Management in the Dominican Republic (only available in Spanish here) is currently under discussion in the Senate of the Dominican Republic, and would regulate the prevention, management, and responses to threats and cybersecurity incidents as well as other aspects related to cybersecurity of critical infrastructure, and would establish the National Cybersecurity Center.