Law: The Organic Law on the Protection of Personal Data (only available in Spanish here) ('the Law')
Regulator: National Directorate of Public Records ('DINARP')
Summary: The National Assembly of the Republic of Ecuador enacted, on 26 May 2021, the Law. The Law among other things, sets out data security obligations, introduces data subject rights that are similar to the EU's General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), establishes safeguards including obligations to guarantee fair and responsible data processing, and requires that personal data databases are registered. Organisations have two years from the date of its publication in the Official Registry to commence their processes of adaptation to the Law.
Data protection requirements are also contained in a variety of different laws and regulations. The Constitution of the Republic of Ecuador 2008 (only available in Spanish here), for instance, provides for the right to privacy concerning an individual's personal data. There are also several laws that govern data protection in specific sectors, such as the labour, telecommunications, and financial sectors. Moreover, the Comprehensive Criminal Code of Ecuador (only available in Spanish here) defines 'data of restricted circulation', and regulates crimes concerning the security of information and communication systems.
Most recently, a draft Law on Digital Security, Cybersecurity, Cyber-defence, and Cyber-intelligence (only available in Spanish here) was introduced to the National Assembly and proposes administrative and practical measures to address cybercrime, with a focus on the financial sector.