Ecuador approves data protection law
On May 10, 2021, the Ecuadorian National Assembly unanimously approved the Organic Data Protection Act (the “Data Protection Act”), which President Moreno is expected to sign.
The Data Protection Act is based on the General Data Protection Regulation of the EU (“GDPR”) and obliges those responsible for processing to take protective measures to protect personal data, to appoint a data protection officer and to notify individuals before the processing of certain personal data. The Data Protection Act also establishes (1) a national data protection authority; (2) regulates cross-border data transfers; and (3) gives Ecuadorians the right to request access to, amendment, and deletion of their personal data.
Unlike the GDPR, however, the Data Protection Act provides lower civil fines for violations, ranging from 0.1% to 1% of a company’s annual revenue, depending on various circumstances, including the severity of the violation.
Read more about the data protection law of Ecuador.