Argentina Personal Data Protection Law — Law No. 25,326

Overview

Argentina Personal Data Protection Law — Law 25,326 (PDPL) is a national data protection regulation that establishes rights for individuals and obligations for entities that collect, store, and process personal data in Argentina. The law aims to protect privacy and enable individuals to control their personal information.

Enacted by the Argentine Congress and enforced by the Agency of Access to Public Information (AAIP), Law 25,326 applies to data files, registries, databases, and data banks in both the public and private sectors. It establishes principles for data processing, data subject rights, obligations for controllers and processors, and cross-border transfer requirements.

Organizations implement the PDPL by establishing data protection policies, registering databases with the AAIP where required, implementing security safeguards, and creating processes for responding to data subject requests. Compliance aligns with international privacy standards supporting cross-border data flows.

Why it Matters

Argentina’s PDPL establishes fundamental data protection rights protecting individual privacy in an increasingly digital economy.

Key benefits include:

• Protect personal data rights

Establish individual rights to access, correct, and delete personal information in accordance with Argentine law.

• Meet regulatory requirements

Comply with AAIP requirements maintaining data processing authorization and avoiding regulatory penalties.

• Support international transfers

Maintain Argentina’s adequacy status enabling data transfers from the EU and other regions.

• Build stakeholder trust

Demonstrate commitment to data protection supporting customer and partner confidence in data handling.

• Enable cross-border business

Satisfy international trading partners requiring adequate data protection for cross-border data flows.

How it Works

Law 25,326 establishes principles for lawful data processing, database registration requirements, data quality standards, data subject rights, and security obligations. Organizations must register databases with the AAIP, implement appropriate security measures, and respond to data subject access, rectification, and deletion requests.

Organizations implement compliance through privacy policy development, database registration, security control implementation, staff training, and ongoing AAIP reporting. Cross-border transfers require AAIP authorization or adequacy recognition.

Key Elements

• Database Registration

Requires registration of personal data databases with AAIP for oversight and regulatory compliance.

• Data Subject Rights

Provides individuals rights to access, rectification, suppression, and confidentiality of personal data.

• Security Safeguards

Mandates technical and organizational measures protecting personal data from unauthorized access.

• Cross-Border Transfer Rules

Establishes requirements for international personal data transfers including adequacy assessments.

Framework Scope

Argentina PDPL applies to entities processing personal data of Argentine residents in public and private sector databases. Covers both automated and manual data processing activities.

Framework Objectives

Argentina PDPL establishes data protection rights and obligations protecting personal information in Argentina.

• Protect individual privacy through fundamental data protection rights
• Establish lawful processing principles for personal data in Argentina
• Enable data subject access, correction, and deletion rights
• Maintain Argentina’s international data transfer adequacy status
• Support regulatory compliance through AAIP oversight

Common Framework Mappings

Mapped frameworks include:

EU General Data Protection Regulation (GDPR)

ISO/IEC 27001

ISO/IEC 27701

NIST Privacy Framework

OECD Privacy Guidelines