Recently Chile has announced that it will introduce a new law to require the registration of databases containing personal information, the creation of an independent data protection regulator with powers to fine up to $700,000 of violations and for the data protection register to be publicly available.
Chile already has a data protection framework which came into force some years ago and is very much based on the Spanish data protection law.
The new legislation is important because for the first time it creates an independent regulator with significant powers to enforce the law for the benefit of data subjects although credit scoring data and health data are intended to be covered by different legislation.
When the new law comes into effect (at some point during 2015) companies that process personal data in Chile will have three years within which to notify the regulator of the databases that they create and the nature of the personal data within them. Individuals will have a right to require rectification of their personal data which is processed unlawfully and will have a form of subject access right to their data through the regulator.
The role of the data protection regulator under the new legislation will be similar to that of data protection authorities in Europe to the extent that the role of the regulator is to enforce the law, provide guidance on the law and issue sanctions for violations.