Personal Data Protection Law
Gindi provides a package of services that facilitate the appropriation of Chilean Law 21.719, covering the regulatory design, technology, and operational support required.
The current context redefines the responsibility of organizations, highlighting that the right to personal data protection is an enforceable and demanded guarantee.
Law 21.719 on Personal Data Protection
Law 21.663 Cybersecurity Framework
Law 21.459 on Computer Crimes
National Cybersecurity Agency
Personal Data Protection Agency
Fundamental Pillars of Law 21.719 on Personal Data Protection:
Principles of Lawfulness
Lawfulness, legal basis that justifies it.
Purpose, have specific and legitimate purposes.
Proportionality, appropriate to the purposes.
Quality, accurate and up-to-date.
Responsibility, be able to account for how they handle information.
Security, implementation of technical and organizational measures for data protection.
Transparency, clear and accessible information.
Confidentiality.
Rights of the interested party ARSOP
Access, the owner can request information about whether their data is processed and what it is.
Rectification, gives the possibility to correct inaccurate or incomplete data.
Suppression, allows you to request the deletion of data when it is no longer necessary for the purpose or withdraw your consent.
Opposition, allows you to oppose the processing of data under certain circumstances.
Portability, allows you to request the transfer of information in a structured format to another entity
Bases of Lawfulness
Consent, manifestation of the owner, free, informed and specific by which he authorizes the processing of his personal data.
• Legal Compliance, the processing of data is lawful when it is necessary to comply with an obligation established by law.
• Legitimate Interest, it is lawful when it is necessary for the satisfaction of legitimate interests of those responsible for the data or a third party, provided that the interest or right of the data owner does not prevail.
Our services :
We analyze together with the institution the fundamental pillars of the regulations with a legal, technical and functional team expert in data privacy and knowledgeable of the processes, the architecture of the applications and people who are exposed to data management in Higher Education Institutions. We provide specific solutions that guarantee the security of information, promoting a balance between the privacy of the owners and the efficiency of the organizations responsible for the data.
All our services are offered as a consulting package that includes several SaaS tools, depending on the level of maturity of the institution in the adoption of the law, limiting the scope of the requirements, reducing costs and time because we vary the required investment.
Design of the regulatory framework
Legal advice, which allows consolidating policies, processes and tools through effective governance adjusted to law
Technology
Implementation of specific technological solutions that allow compliance with the law effectively and safely
Services
Continuous support and accompaniment that allow sustainability and adaptability to the operation over time.
Our Technology and Services for compliance with the law
ARSOP Rights
The Law establishes that data owners must be able to make requests for Access, Rectification, Suppression, Opposition and Portability.
Our solutions automate the process of handling these requests throughout all their environments and databases, reducing operational costs and ensuring compliance within the established times.
Informed consent
Data subjects have the right to be informed when they are asked for consent to the use of their data and personal information.
Our solutions and services help to implement consent management in Higher Education institutions to keep their privacy policies up to date and generate preference centers that automate consent management with different services and communication channels.
Data processing
For the management of processes that use data, it will be mandatory to generate documentation that proves the purpose of the treatment, security measures considered, protection mechanisms in cross-border transfers, among others.
We help recreate the catalog of assets and processes that allows generating a comprehensive data map that covers all the aspects necessary for compliance with the new regulation.
Data security
Part of the requirements includes a good exercise of security measures and policies. In addition, it will be necessary to generate documentation in case of detected vulnerabilities.
Data Security Posture Management (DSPM) helps reduce the risk of data breaches, improve data security, and meet privacy requirements. This is achieved by scanning Infrastructure systems as in search of security vulnerabilities. We provide these softwares in the services-SaaS mode.