Ecuador celebrates the first year of the entry into force of the Organic Law on Personal Data Protection. For this reason, the media Teleamazonas has asked our senior associate Rafael Serrano about its regulations.
According to Serrano, also vice-president of the Ecuadorian Data Protection Association (AEPD), “the Data Protection Law was published on May 26, 2021, and came into force at that time, only leaving two years for the sanctioning regime to come into force. Two years of latency, we could say. During this period, the aim was for both the private and public sectors to develop their capacities to adapt to the Law, since this implies a process of cultural changes”.
Our associate also adds that “the Law is created and a new entity is created, which is the Superintendence of Data Protection. The Council of Citizen Participation has approved the regulations of the contest for the appointment of the Superintendent of Personal Data. Additionally, the overseers for the above mentioned contest have already been appointed. The executive must send the corresponding list of three candidates to appoint the authority”.
The news item explains the lack of adaptation by the public and private sectors to the Data Protection Law. This will be a problem since the application of the sanctioning regime will begin in one year and both the public and private sectors will require several actions to be in compliance.
“This is a regulation to both the private sector and the public sector, which will also have to adapt and begin to prepare for the provisions of the Law. The lack of an authority means that there is a lot of uncertainty about what is going to happen,” confirms Serrano.