Data Law 21.719 / Fundamental Principles

Fundamental Processing Principles

Eight principles that constitute binding legal obligations. Each principle requires specific controls and documentation to demonstrate compliance. Non-compliance may result in administrative liability.

Verifiable Implementation

Principles must be translated into documented technical and organizational controls. Agency oversight includes review of consent records, access logs, processor contracts, incident response procedures, and evidence of staff training.

Principles of Lawfulness and Fairness

Processing requires a valid legal basis that the controller must be able to demonstrate.

Applicable Legal Bases

  • Data subject consent
  • Contractual performance
  • Legal obligation
  • Legitimate interest of the controller
  • Public interest or public authority

Required Documentation

  • Record of legal bases applied
  • Evidence of consents
  • Legitimate interest analysis

Purpose Principle

Collection for specific, explicit and lawful purposes. Processing is limited to these declared purposes.

Requirements

  • Specific purposes at collection time
  • Processing limited to declared purposes
  • Clear specification in privacy notices

Processing for Different Purposes

  • Purposes compatible with the original ones
  • New consent from the data subject
  • When established by law

Proportionality Principle

Collection limited to necessary and relevant data. Retention only for the time required for processing purposes.

Data Minimization

  • Collect only necessary data
  • Limit to specific purposes
  • Define retention periods

Deletion or Anonymization

  • Delete when purposes are fulfilled
  • Anonymize as an alternative
  • Justify extended retention

Quality Principle

Data must be accurate, complete, current and relevant in relation to its source and processing purposes.

Maintenance Obligations

  • Accuracy verification at collection
  • Periodic data updates
  • Correction of detected inaccuracies

Obsolete Data Management

  • Identification of outdated data
  • Deletion of irrelevant data
  • Regular validation processes

Accountability Principle

The controller must demonstrate compliance with established obligations (accountability).

Implementation

  • Documented policies and procedures
  • Staff training
  • Compliance audits

Required Evidence

  • Record of processing activities
  • Impact assessments
  • Processor contracts

Security Principle

Technical and organizational measures appropriate to the processing risk level.

Technical Measures

  • Data encryption
  • Access controls
  • Backups and recovery

Organizational Measures

  • Security policies
  • Cybersecurity training
  • Incident response procedures

Transparency and Information Principle

Clear, accurate and accessible information about processing and data subject rights.

Mandatory Content

  • Identity of controller and DPO
  • Purposes and legal basis of processing
  • Data subject rights and how to exercise them

Delivery Method

  • Accessible privacy notices
  • Layered information
  • Clear and concise language

Confidentiality Principle

Duty of secrecy for the controller and anyone accessing personal data. Continues after the relationship ends.

Obligated Parties

  • Internal staff
  • Data processors
  • Consultants and advisors

Implementation

  • Confidentiality agreements
  • Training on confidentiality duties
  • Role-based access controls

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

Schedule ConsultationMeet the Team
© 2025 AnguitaOsorio, todos los derechos reservados.
Chile

Nuestra Empresa

Contacto

Contáctanos

Teléfono:

+56 2 2760 4512

Ubicación:

Cerro el Plomo 5420, oficina 1306, Las Condes, Región Metropolitana.