Data Law diagnosis (Law 21.719)

A gap assessment of your company’s data processing against the obligations enforceable from December 1, 2026: what exists, what is missing and in which order to close it.

What the diagnosis is

A structured review of how your company processes personal data today, contrasted with Law 19.628 as amended by Law 21.719. The result is not a report to file away: it is a prioritized gap list, each item tied to the article that requires it and the infringement category that sanctions its absence.

What it reviews

Arts. 12-13

Processing and lawful bases

Inventory of processing activities and the lawful basis each one supports: consent, contract, legal obligation, legitimate interest or judicial defense.

Arts. 14 ter-sexies

Duties

Information and transparency, security measures proportional to the processing, and the protocol to report breaches to the Agency.

Rights and contracts

Procedures and processors

Procedures and deadlines to answer access, rectification, erasure, objection and portability requests, and the contracts with data processors.

Arts. 49-51

Governance

The documented decision on appointing a data protection officer and whether the voluntary prevention model, certifiable by the Agency, fits the company.

What the company receives

  • A gap list prioritized by infringement category (minor, serious, very serious).
  • A roadmap with owners and deadlines toward December 1, 2026.
  • A documented baseline that supports accountability before the Agency and feeds the Article 49 model if the company adopts it.

The legal context behind each item is covered in the cluster: what happens if the company is not ready, how to choose the lawful basis and whether to appoint a DPO.

Start with the inventory

The first session maps your processing activities and returns the initial gap picture.

Request the diagnosis

Frequently asked questions

What does the Data Law diagnosis review?

The company’s processing activities and their lawful basis (Articles 12 and 13, Law 19.628), the information, security and breach-reporting duties (Articles 14 ter to 14 sexies), the procedures to answer data subject rights, and the contracts with data processors. Each gap is mapped to its infringement category (Articles 34 and following).

What does the company receive?

A gap list prioritized by infringement category and a roadmap with owners and deadlines toward December 1, 2026. The assessment is documented, which serves as an accountability baseline before the Agency and as the starting point if the company decides to adopt the Article 49 prevention model.

How is it different from the criminal compliance diagnosis?

They are different regimes. The compliance diagnosis evaluates the crime prevention model against Law 20.393 and the Law 21.595 catalog. This diagnosis evaluates personal data processing against Law 21.719. A company may need both, but the gaps, deadlines and authorities differ.

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

© 2025 AnguitaOsorio, all rights reserved.
Chile

Contact

Contáctanos

Phone:

+56 2 2760 4512

Location:

Cerro el Plomo 5420, office 1306, Las Condes, Metropolitan Region.