Financial Crime World

Here is the rewritten article in markdown format:

New Data Protection Bill in Chile: Key Provisions

The new Data Protection Bill in Chile has been making headlines lately. Here’s a summary of its key provisions:

Personal Data Definition and Responsibilities

  • Personal Data Definition: The bill defines personal data as any information that identifies or makes an individual identifiable.
  • Controller and Processor Responsibilities: Controllers are established to inform data subjects, process requests, and provide security measures.

Data Subject Rights

  • Right to Access: Data subjects have the right to access their personal data.
  • Rectify and Cancel: They also have the right to rectify or cancel their personal data.
  • Oppose Processing: Data subjects can oppose the processing of their personal data.
  • Explicit Consent: Explicit consent is required from data subjects before collecting their personal data.
  • Security Measures: Controllers are imposed a duty to implement technical and organizational measures to ensure the security of personal data.

Breach Notification and International Data Transfers

  • Breach Notification: A new duty to inform the Data Protection Agency in the event of an incident that compromises personal data is established, with specific requirements for sensitive data.
  • International Data Transfers: The bill regulates international transfer of personal data, allowing transfers under certain scenarios such as adequacy of the legal system or consent from the data subject.

Compliance Prevention Models and DPOs

  • Compliance Prevention Models: Controllers can implement certified compliance prevention models that can mitigate liability in case of an infringement.
  • DPO Designation: Controllers are required to designate a Data Protection Officer (DPO) with autonomy in privacy matters.

Fines for Non-Compliance

The bill imposes fines ranging from approximately $7,000 for minor infractions to up to $4,200,000 for very serious and repetitive infringements. There are three categories of infractions:

  • Minor Infractions: Minor infractions with a fine amount of approximately $7,000.
  • Serious Infractions: Serious infractions with a fine amount ranging from $30,000 to $1,200,000.
  • Very Serious and Repetitive Infringements: Very serious and repetitive infringements with a fine amount up to $4,200,000.

Mixed Commission

The Mixed Commission will settle differences between the Senate and Deputies versions of the Bill. The matters to be resolved include:

  • Inclusion of Publicly Accessible Sources: Inclusion of publicly accessible sources as a legal basis.
  • Obligation for Foreign Companies: Obligation for foreign companies to designate a representative in Chile.
  • Duty of Controllers: Duty of controllers to directly report security breaches.
  • Maximum Amounts on Fines: Establishment of maximum amounts on fines.
  • Powers of the Data Protection Agency: Powers of the Data Protection Agency to oversee processing by Congress, Judicial Power, and public agencies.