You are here


Survey Answer:

In order to avoid confusion, we will generally refer to the authority charged with enforcing the Data Protection Law as the Data Protection Authority or DPA.

Since the enactment of Data Protection Law in 2000 and until recently, the DPA was the Na-tional Directorate of Data Protection. In 2017, Emergency Decree No. 746/2017 and Decree No. 899/2017, substituted the National Directorate of Data Protection with the newly formed Agency of Access to Public Information. The Agency of Access to Public Information was created by Law No. 27,275 and is an autarchic entity that operates with functional autonomy within the President’s Chief of Staff Office.

The DPA may apply the following penalties in the event of violation of the Data Protection Law:

i) Observation;
ii) Suspension;
iii) Fines of between AR $1,000 and AR $100,000 (approximately US$ 50 to US$ 5,000 at the current exchange rate);
iv) Business closure; or
v) Cancellation of the file, record, or database.

The DPA has issued several regulations in connection with its administrative sanctions. In particular, Rule No. 9/2015 established different ranges of administrative sanctions and specified that failing to meet applicable security requirements would be classified as a severe infringement of data protection regulations. Severe infringements may be sanctioned with suspension from 1 to 30 days of the pertinent database, and/or a fine of AR$ 25,000 to AR$ 80,000 000 (approximately US$ 50 to US$ 4,000 at the current exchange rate).

Provided By:
Diego Fernandez: Marval, O´Farrell & Mairal