Law 21.719: Chile’s new era of data protection

Law 21.719 represents the most significant regulatory change in data protection in Chile in the last two decades. Approved in 2024 and entering into force progressively until December 2026, it deeply transforms how organizations must manage Chileans' personal data.

Fundamental changes

• Data Protection Agency: creation of an autonomous body with oversight and sanctioning powers.
• Mandatory DPO: companies processing data at scale must designate a Data Protection Officer.
• Significant fines: up to UF 20,000 (~USD 750,000) for serious violations.
• Expanded rights: portability, opposition, consent revocation, erasure.
• Breach notification: obligation to report incidents within 72 hours.

Critical timeline

The law enters into force in December 2026. Organizations have until then to adapt processes, contracts, policies and systems. The European experience with GDPR shows the timeline is tight: fines began rolling out shortly after entry into force.

What to do now

The first step is a gap analysis: what personal data we process, for what purpose, under what legal basis, where it is stored, who accesses it, how we protect it. Without this map, compliance is impossible.

At GOBERNANZA.IO we accompany LATAM organizations through this process with a platform designed specifically for the region's regulatory frameworks.