New Data Protection Law: What Your Company Needs to Know
Chile modernized its privacy regulations with Law 21.719, which replaces the old regulations and establishes new obligations for any company that collects, stores, or uses personal information from its customers or employees. This includes, in particular, small and medium-sized enterprises (SMEs) that were previously unaccustomed to these types of requirements.
Key Points
Any company that handles personal data in Chile is subject to the law, regardless of its size or industry.
Strengthened rights are created for individuals, who can now request access, correction, deletion, and portability of their data at any time.
Companies must have a valid legal justification for using personal data (such as the data subject's consent or the performance of a contract).
In the event of a data breach or violation, there is an obligation to report it to the new Data Protection Agency promptly.
Fines can reach up to 20,000 UTM (Tax Unit Monthly), and for large companies with serious infractions, up to 4% of annual sales.
Why does it matter?
If your company stores customer, employee, or supplier data—even in an Excel spreadsheet or a basic management system—this law applies directly to you. The new regulations create an oversight body with real powers to impose sanctions, meaning that non-compliance has concrete and financial consequences. SMEs that take action before the effective date will have an advantage: during the first year, the Agency will be able to issue written warnings instead of fines for smaller companies.
What to do now?
Identify what personal data your company handles and for what purpose.
Review that customer and employee consent forms are properly documented.
Update your privacy policies and make them publicly accessible.
Evaluate the implementation of a Compliance Program and appoint an internal compliance officer.
Consult a specialized legal advisor to adapt your processes before the new law comes into effect in December 2026.
