Personal Data Protection Law Argentina

    Overview

    Argentina's Personal Data Protection Law (Ley 25.326) aims to protect the privacy of individuals by regulating the collection, use, and treatment of personal data. It applies to both public and private databases, mandating the safeguarding of personal information, and emphasizes the rights to access, correct, and delete personal data. The regulation is based on guaranteeing respect for privacy and the right to information, and mandates secure handling of data throughout its lifecycle.

     

    Regulation Summary

    Timeline
    • Enacted: October 4, 2000
    • Promulgated: October 30, 2000
    • Effective Date: November 2, 2000
    What Businesses Are Affected
    • Entities operating in Argentina that process personal data.
    • Foreign businesses processing personal data of Argentine residents.
    • Public and private databases that store or process personal data.
    Exemptions
    • Personal or household data processing for non-commercial use.
    • Journalistic databases used for reporting and information dissemination.
    • Government agencies processing data for public security, defense, or judicial matters.
    Responsibilities for Businesses
    • Obtain explicit consent before processing personal data.
    • Clearly inform individuals about data collection, purpose, and retention periods.
    • Explain the purpose and legal basis for processing personal data.
    • Respond to data subject requests within 10 days.
    • Implement security measures to prevent unauthorized access and breaches.
    • Report data breaches to the Data Protection Authority (DPA).
    • Conduct Data Protection Impact Assessments (DPIAs) when processing sensitive data.
    • Appoint a Data Protection Officer (DPO) if handling large-scale or sensitive data.
    Specific Responsibilities for Website Owners
    • Publish a privacy policy detailing data collection practices.
    • Implement cookie consent mechanisms to obtain user approval.
    • Provide users with the ability to withdraw consent at any time.
    Additional Requirements
    • Cross-border data transfers are restricted, except when:
      • The recipient country offers adequate protection.
      • The transfer is legally required or contractually necessary.
      • The transfer serves the public interest.
    • A Data Protection Officer (DPO) may be required for businesses handling large amounts of personal data.
    Data Subject Rights
    • Access: Individuals can request copies of their personal data.
    • Correction: Users can update or correct inaccuracies.
    • Erasure: Data subjects may request deletion of their data.
    • Portability: Personal data can be transferred to another provider.
    • Objection: Individuals can object to data processing for marketing or profiling.
    Enforcement
    • Regulatory Authority: The Argentine Data Protection Authority (DPA) oversees compliance.
    • Penalties:
      • General violations: Fines range from ARS 1,000 to ARS 100,000 (~$3 to $300 USD).
      • Unauthorized disclosure of sensitive data: May result in criminal penalties, including imprisonment.
      • Repeat violations: Fines and sanctions may be increased.
    illustration of contact means

    Questions?

    If you would like to learn more, our compliance experts are happy to support you.

    Leave us a Message
    support@clym.io
    +1 980 446 8535 +1 866 275 2596