Uruguay’s data protection law is called the Personal Data Protection Law (No. 18,331). The law was enacted in 2008 and is designed to protect individuals’ personal data and privacy.
Under the law, personal data is defined as any information related to an identified or identifiable individual. This includes a person’s name, address, email address, identification number, financial information, and other sensitive data.
The law requires organizations that process personal data to obtain consent from individuals before collecting, using, or disclosing their data. Organizations must also provide individuals with access to their personal data and allow them to correct any inaccuracies.
Uruguay’s data protection law also establishes a regulatory body called the Uruguayan Agency for Data Protection (UAPDP). The UAPDP is responsible for enforcing the law, investigating complaints, and imposing penalties for non-compliance.
Penalties for non-compliance with Uruguay’s data protection law can be severe. Organizations can be fined up to 200,000 UR ($6,000 USD) for violations of the law. Individuals can also file civil lawsuits for damages resulting from a violation of their data protection rights.
Overall, Uruguay’s data protection law is an important step towards protecting individuals’ personal data and privacy. Organizations that process personal data in Uruguay should ensure that they are in compliance with the law’s requirements to avoid penalties and legal action.