Ecuador’s new data protection regulation has now become law. The draft Organic Law on the Protection of Personal Data received no objections from the President of the Republic and has been published in the Official Registry, therefore becoming law. 

Register for the webinar: Ecuador Privacy: What You Need to Know About the New Law 

The new law establishes a national data protection authority, regulates cross-border data transfers, and provides citizens with the rights including the right to request access to, amend and delete their personal data. 

What Does Ecuador’s New Law Look Like?

This new regulation is Ecuador’s first dedicated data protection law, and some of the key areas are outlined below:  

  • Data protection principles: The draft law recognizes many familiar data protection principles, including transparency, purpose limitation, confidentiality, limited retention, accountability and data accuracy, and processor and controller obligations. 
  • Extraterritorial scope: Processors and controllers located outside of Ecuador must comply with the new law if they offer goods and services to Ecuadorian residents. Nevertheless, it does not oblige processors and controllers to have any representative in the country that will comply with the different obligations recognized in the law. 
  • Data subject rights: The law brings with it new data subject rights, including the right to access, to rectification, to deletion, of cancellation, to portability, to object, not to be subject to a decision based solely on automated processing, and the to be forgotten. 
  • DPO requirements: Establishes controller and processor obligations for appointing a data protection officer, depending on the data being processed, and requires all public authorities to have a DPO. The DPO will work with the data protection authority and be the point of contact for data subjects.  
  • Penalties: The law makes a distinction between minor and major infringements, with sanctions ranging from 3% to 17% of an organization’s annual revenue from the previous year. The DPA will decide on the sanction based on the severity of the infringement and the intention of the relevant party. 

Register for the webinar: Ecuador Privacy: What You Need to Know About the New Law 

How Can OneTrust Support Compliance with Ecuador’s New Data Protection Law? 

OneTrust’s solutions can help you comply with Ecuador’s new privacy regulation, including: 

  • Privacy Management Software: Operationalize and introduce automation to your Ecuador compliance requirements including opt-outs, consumer rights, and privacy governance operations.  
  • Regulatory Research: With OneTrust DataGuidance you can leverage the world’s most in-depth and up to date source of regulatory research to make sure your program stays on top of the latest developments. 
  • Professional Services: Get support with planning and implementing your Ecuador compliance program with our implementation and validation services. 

Ecuador’s new data protection regulation has now become law, for the latest insight be sure to register for our webinar Ecuador Privacy: What You Need to Know About the New Law on June 29, or to find out more about how OneTrust can support your compliance request a demo today. 

Further reading on Ecuador’s new data protection law: 

Next steps on Ecuador’s new data protection law: 

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on Ecuador’s New Data Protection Law.