After the unanimous approval by the Ecuadorian National Assembly on May 10, the now former President Moreno signed the Ecuadorian Data Protection Bill on the 21st May.
Inspired by the European regulation (General Data Protection Regulation – GDPR), the new law will directly impose legal compliance obligations on controllers and processors, such as the obligation to provide a privacy notice when personal information of a data subject is obtained and the right for individuals to have inaccurate personal data rectified or completed where necessary.
The law also establishes the Superintendency of Protection of Personal Data, which will regulate cross-border data transfers and can impose fines that could amount to up to 17% of the business volume corresponding to the financial year immediately prior to the imposition of the fine.
Considering the law has an extraterritorial reach, a clear understanding of the new legislation is necessary for any business with physical presence in Ecuador along with businesses that offer services or have operations involving data handling in the country. Companies will have a period of two years to adjust to the new rules.
For any additional information about the Ecuadorian Organic Law on Data Protection and any other Personal Data Protection Regulation in Latin America, please contact Paula Rabacov.