Peru: Privacy and Data Protection-related Laws
Current Peru Privacy and Data Protection-Related Laws: (source)
- Personal Data Protection Law (PDPL) was published on July 3, 2011
its regulations were enacted by Supreme Decree 003-2013-JUS and was published on March 22, 2013 (the ‘Regulations’)
the Security Policy on Information Managed by Databanks of Personal Data was enacted by Directorial Resolution N° 019-2013-JUS/DGPDP on October 11, 2013
- Details:
- The PDPL applies to any processing of data by an establishment in Peru, by a holder of a database in Peru or even where the holder of the database is not located in Peru but uses means located in Peru for the purposes of processing data (source)
- The the PDPL defines personal data as “all numerical, alphabetical, graphic, photographic, sound, or any other type of information concerning an individual which identifies or could be used to identify the individual through reasonable means”
- The PDPL defines sensitive data as: “as biometric data which can identity someone; racial and ethnic background; income; political or religious opinions or creed; union membership; data related to health or sexual orientation and, in general, physical, mental and emotional characteristics, facts or circumstances of emotional or family life, and personal habits corresponding to the most intimate sphere of private life”
- Registration: public and private databases containing personal data must be registered with the National Registry for Personal Data Protection. For more information on registering please use this link
- For an english translation of this law please see here
- Information on how the PDPL relates to public blockchains is not available
Sources
Dlapiper data protection, Technology Law Dispatch, Hunton privacy blog