The Personal Data Protection Law (PDPL) is the primary law governing the processing of personal data in Argentina. It was enacted in 2000 and updated in 2018 with the enactment of Decree No. 58/2019. The PDPL is modeled after the EU’s General Data Protection Regulation (GDPR) and provides individuals with rights over their personal data.
The PDPL applies to any individual, company, or organization that processes personal data in Argentina, regardless of whether they are based in the country or not. It defines personal data as any information that relates to an identified or identifiable individual, including but not limited to names, addresses, identification numbers, and financial information.
Under the PDPL, individuals have the right to know who is processing their data, what data is being processed, and for what purposes. They also have the right to request access to their data, request that it be corrected, updated or deleted, and object to its processing in certain circumstances.
Companies and organizations that process personal data must comply with certain requirements, including obtaining consent from individuals before collecting their data, implementing appropriate security measures to protect the data, and providing individuals with access to their data upon request.
The PDPL also establishes the National Directorate for the Protection of Personal Data (DNPDP), which is responsible for enforcing the law and promoting compliance with data protection standards in Argentina.
In addition to the PDPL, there are other regulations that may apply to specific industries or types of personal data processing, such as the Health Information Protection Law and the Financial Information Protection Law.
Overall, the PDPL plays a critical role in protecting the privacy rights of individuals in Argentina and ensuring that companies and organizations that process personal data do so in a responsible and transparent manner.