Data Law 21.719 / International Transfers

International Data Transfers

Regulatory framework for cross-border personal data transfers under Law 21.719, establishing specific protection mechanisms to ensure continuity of protection level outside Chilean territory.

International Transfers

Transfers require guarantees of equivalent protection in the destination country. Law 21.719 establishes hierarchical mechanisms: adequacy decisions, appropriate safeguards, and specific exceptions.

Adequacy Decisions

Official recognition by the Data Protection Agency that a third country offers a level of protection essentially equivalent to Chilean standards.

  • Comprehensive legal framework assessment
  • Analysis of supervisory authorities
  • Periodic review of conditions

Standard Contractual Clauses

Model contracts approved by the Agency establishing specific obligations for data importers, guaranteeing equivalent protection through contractual commitments.

  • Data importer obligations
  • Third-party beneficiary rights
  • Effective remedy mechanisms

Binding Corporate Rules (BCR)

Internal policies of multinational corporate groups establishing uniform data protection standards applicable to all entities within the corporate group.

  • Application to entire corporate structure
  • Agency approval
  • Internal compliance mechanisms

Certifications and Codes of Conduct

Sector-specific certification programs and approved codes of conduct demonstrating compliance with specific data protection standards in transfers.

  • Specific sector certifications
  • Industry codes of conduct
  • Supervision by accredited bodies

Transfer Assessment Process

Determining the appropriate mechanism for each international transfer requires systematic analysis considering multiple specific legal, technical, and operational factors.

1. Identification of Destination Country

Precise determination of the data-receiving jurisdiction, considering not only the importer's country of establishment, but also possible sub-transfers and location of servers or processing centers.

2. Adequacy Decision Verification

Consultation of the official registry of countries with valid adequacy decisions. If one exists, the transfer may proceed without additional safeguards, subject to the specific conditions of the decision.

3. Alternative Mechanisms Evaluation

In the absence of an adequacy decision, analysis of the applicability of standard contractual clauses, BCR, certifications, or codes of conduct according to the specific characteristics of the transfer.

4. Complementary Risk Analysis

Additional assessment of factors such as the destination country's legal framework, government access powers, judicial independence, and existence of effective remedies for data subjects.

5. Implementation and Documentation

Formalization of the selected mechanism through appropriate documentation, inclusion in the Record of Processing Activities, and establishment of ongoing compliance monitoring procedures.

Special Considerations by Sector

Financial Services
Additional banking regulation and AML/CFT
Healthcare
Special protection of sensitive data
Cloud Computing
Data localization and government access
Telecommunications
Lawful interception and digital sovereignty

Transform Your Legal Challenges into Competitive Advantages

Discover how our innovative approach can drive your business

Schedule ConsultationMeet the Team
© 2025 AnguitaOsorio, todos los derechos reservados.
Chile

Nuestra Empresa

Contacto

Contáctanos

Teléfono:

+56 2 2760 4512

Ubicación:

Cerro el Plomo 5420, oficina 1306, Las Condes, Región Metropolitana.