Regulation

Personal Data Protection Act 25.326 – Argentina

Argentina’s PDPA protects the rights of individuals when it comes to processing personal data, with specific provisions around credit information and marketing.

Are you subject to Argentina’s PDPA?

Argentina’s PDPA applies to businesses and persons public or private. The law also applies to processing personal data in data files, registers, databases, or databanks to provide reports.

Obligations under Argentina’s PDPA

Organizational privacy requirements

Organizations must register private or public databases with the Argentinean DNPDP, including information on the persons responsible for the database with the indication of the hierarchical instrumentality of the organization and the person responsible for responding to individual rights. Organizations shall have contracts in place with data processors.

Individual rights

Argentina’s PDPA includes data subject rights such as information access, correction, deletion of personal information, and the right to object to solely automated decisions, including judicial or administrative acts.

Consent & transparency

Enable data subjects to provide their free, informed, and expressed consent to processing in a way that clearly demonstrates their intention. Inform individuals in a clear, precise, and easily accessible form about processing their personal information and who is processing it.

Security

The law requires companies to adopt technologies such as encryption to protect personal data from unauthorized access, disclosure, destruction, and misuse.

Reports

Global Privacy Benchmarks Report

This survey report provides a 360° view of how enterprises manage data protection and privacy. Feedback came from senior leadership inside the privacy office and privacy team members.

Read the report

Achieve compliance

FAQs

When did the Argentinean PDPA take effect?

The law was enacted on October 4, 2000, and amended on December 12, 2007.
What type of personal data is covered by Argentina’s PDPA?

The law applies to all personal data and includes special provisions for processing data for advertising purposes, opinion polls, and providing credit information services.
What are the requirements for vendors under Argentina’s PDPA?

Contracts need to be in place with vendors requiring them to keep personal information confidential, restrict its disclosure (even for storage purposes), and limit its use only for contracted purposes.
What are Argentina’s PDPA rules for international data transfers?

There are five circumstances where organizations are able to transfer personal data to a third party outside of Argentina that do not provide an adequate level of protection, according to the PDPA. Some of these circumstances include the exchange of medical information when applicable, stock exchange or banking transfers, and under international treaties which the Argentine Republic is a signatory to.

Related resources

View all resources

The information provided does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented are for general informational purposes only.