Home
arrow_forward_ios
Frameworks
arrow_forward_ios
Chile Law No. 19.628 — Personal Data Protection
Data Protection & Privacy
DETAIL

Chile Personal Data Protection Law — Law No. 19.628

SmartSuite provides the system for managing controls, evidence, mappings, assessments, and reporting.
Framework text may require a separate license unless explicitly provided.

Overview

Chile Personal Data Protection Law No. 19.628 is a national data protection regulation that helps organizations safeguard personal information and ensure compliance with privacy requirements, covering collection, processing, storage, and dissemination of personal data within Chile.

Why it Matters

Chile’s Personal Data Protection Law establishes a foundational privacy framework guiding organizations in securely managing and protecting personal information. Key benefits include:

  • Strengthen data protection practices

Support consistent safeguards for personal data throughout its lifecycle, reducing the risk of unauthorized access or accidental disclosure.

  • Enhance regulatory alignment

Align privacy management with Chilean legal requirements, making it easier to demonstrate compliance to regulators and stakeholders.

  • Improve consent and rights management

Enable organizations to effectively manage data subject consents and promptly respond to individual rights requests.

  • Support operational accountability

Encourage internal privacy policies and oversight mechanisms, promoting greater accountability and transparency in data processing operations.

How it Works

Law No. 19.628 is structured around regulatory requirements for personal data protection, combining principles, data subject rights, and obligations for data controllers and processors, with enforcement by penalties and oversight.

Key Elements

  • Lawful Processing Principles

Establishes core criteria for the fair and legal collection, use, and management of personal data.

  • Data Subject Rights Framework

Describes the mechanisms for individuals to access, correct, and object to the processing of their personal information.

  • Security and Confidentiality Measures

Outlines obligations for implementing technical and organizational controls to protect personal data confidentiality and integrity.

  • Cross-Border Data Transfer Restrictions

Organizes the legal limitations and procedural requirements for transferring personal information outside Chilean jurisdiction.

Framework Scope

Chile Law No. 19.628 is adopted by organizations processing personal data across public and private sectors within Chile.

Framework Objectives

Chile Law No. 19.628 defines key requirements for organizations to promote responsible data handling and privacy protection.

  • Safeguard personal data through robust security controls and risk management practices
  • Strengthen privacy governance and organizational accountability over data processing activities
  • Ensure compliance with Chilean legal and regulatory requirements for data protection
  • Demonstrate readiness for audits and regulatory inspections through documented practices
At a Glance
Chile Law No. 19.628 — Personal Data Protection
  • checklist
    Classicifation
    Category
    info
    Data Protection & Privacy
    Domain
    info
    Privacy
    Framework Family
    info
    Global Privacy Regulations
  • info
    Regulatory Context
    Type
    info
    Framework
    Legal Instrument
    info
    Law
    Sector
    info
    Cross-Sector
    Industry
    info
    Cross-Industry
  • arrow_upload_ready
    Region / Publisher
    Region
    info
    Latin America
    Region Detail
    info
    Chile
    Publisher
    info
    Biblioteca del Congreso Nacional de Chile (BCN)
  • published_with_changes
    Versioning
    Version
    info
    Law No. 19.628 — Protection of Private Life
    Effective Date
    info
    August 28, 1999
    Issue Date
    info
    August 28, 1999
  • graph_3
    Adoption
    Adoption Model
    info
    Regulatory Compliance
    Implementation Complexity
    info
    Moderate
  • captive_portal
    Official Reference
    Source
    info
    Open Link in New Tab
License Information

License included / downloadable: Yes

Chile's Personal Data Protection Law is publicly available through official Chilean government publications.

Official Resources
Ley Chile - Privacy Law No. 19.628
Provides the legal text of Chile's personal data protection regulation.
chevron_forward
SMARTSUITE

How SmartSuite Supports Chile PDPL

Manage Chile Personal Data Protection Law (Law No. 19.628) requirements by organizing privacy controls, tracking personal data processing activities, and maintaining evidence supporting compliance with national data protection obligations.

Personal Data Inventory and Classification

Maintain records of personal data categories, processing purposes, and storage locations.

Consent, Purpose Limitation, and Lawful Use

Track consent collection, purpose limitation, and lawful use of personal data.

Access, Correction, and Deletion Request Management

Manage access, correction, and deletion requests with full audit trails.

Personal Information Safeguard Implementation

Track safeguards protecting confidentiality, integrity, and availability of personal information.

Data Incident and Regulatory Response Monitoring

Monitor data incidents and manage response workflows aligned to regulatory expectations.

Privacy Posture and Compliance Readiness Reporting

Provide dashboards showing privacy posture, control coverage, and compliance readiness.

Related frameworks

APEC PF

APEC Privacy Framework helps organizations manage cross-border privacy risks and facilitate data flows among Asia-Pacific economies.

Learn More
arrow_forward
Argentina PDPL (Law 25,326)

Argentina's Personal Data Protection Law governs processing of personal data to protect individuals' privacy and ensure responsible data management.

Learn More
arrow_forward
LGPD

LGPD is Brazil's data protection law that governs how organizations collect, process, and protect personal data.

Learn More
arrow_forward
CCPA/CPRA

CCPA/CPRA is California privacy law giving residents control over personal data and requiring businesses to protect and disclose data practices.

Learn More
arrow_forward
GDPR

GDPR is an EU regulation that protects individuals' personal data and strengthens organizations' accountability for privacy.

Learn More
arrow_forward
ISO 27701

ISO/IEC 27701 extends ISO/IEC 27001 to help organizations manage privacy and protect personally identifiable information.

Learn More
arrow_forward
NIST Privacy Framework v1.0

NIST Privacy Framework provides voluntary guidance to help organizations identify, assess, and manage privacy risks to individuals' data.

Learn More
arrow_forward
ONBOARDING FAQS

Frequently Asked Questions For Chile Personal Data Protection Law — Law No. 19.628

What is the Chile Personal Data Protection Law — Law No. 19.628 used for?

Law No. 19.628 is designed to protect the privacy and integrity of individuals’ personal data in Chile. It establishes requirements for how organizations collect, process, store, and share personal information, ensuring the lawful and secure handling of data.

Is compliance with Law No. 19.628 mandatory for organizations?

Yes, compliance with Law No. 19.628 is mandatory for both public and private sector organizations that process personal data within Chile. Failing to comply can lead to regulatory investigations and administrative penalties.

What organizations are subject to Law No. 19.628?

Any entity—public or private—that collects, uses, or manages personal data about individuals located in Chile is subject to Law No. 19.628. It applies regardless of the sector or size of the organization.

What are the key concepts and artifacts required under Law No. 19.628?

Key concepts include data subject consent, lawful processing, transparency, and data minimization. Organizations must be able to demonstrate data inventory, consent records, security policies, incident response procedures, and privacy notices.

How does an organization implement Law No. 19.628 in practice?

Implementation involves mapping data processing activities, establishing internal privacy policies, designing technical and organizational controls, and providing mechanisms for handling data subject rights. Conducting regular risk assessments and employee training are also critical steps.

How does Law No. 19.628 relate to other international data protection frameworks?

While Law No. 19.628 aligns with global data protection principles similar to the EU GDPR, it has unique local requirements specific to Chile. Organizations handling cross-border data transfers must pay particular attention to compatibility and adequacy requirements.

What are the ongoing compliance obligations under Law No. 19.628?

Ongoing compliance requires maintaining up-to-date data inventories, monitoring data processing activities, conducting audits, managing security incidents, and honoring data subject requests. Documentation of controls and regular staff awareness activities are necessary to demonstrate accountability.

How would SmartSuite support Chile Personal Data Protection Law — Law No. 19.628?

SmartSuite can assist organizations by providing integrated tools for risk tracking, mapping regulatory controls to processes, and managing evidence collections. It supports audit readiness with documentation workflows, enables policy governance, and offers dashboards for compliance status and reporting. This helps maintain a defensible privacy posture and supports continual risk management.

NEXT STEP

Put CRI Profile into action with SmartSuite

Map controls, collect evidence, run assessments, manage remediation, and report readiness - all from a single connected system.

Explore in SmartSuite
chevron_forward
View all Frameworks
chevron_forward