Data Protection Officer "DPO": Chile and Nicaragua

The figure of the Data Protection Officer (DPO) continues to consolidate as a key pillar in the management and governance of personal data, especially in jurisdictions that are moving towards more demanding models of regulatory compliance.

In Chile, the DPO is expressly regulated in Law No. 21.719, which introduces the breach prevention model and establishes his or her role within organisations. Their designation is particularly relevant when these models are adopted, and they must have independence, specialised knowledge and an active role in the supervision of regulatory compliance, internal training and the relationship with authorities and data subjects.

In contrast, in Nicaragua there is no specific regulation on the figure of the DPO. The regulations in force, mainly Law 787, its decree and regulations, contemplate the figure of the data processor, but without expressly developing his or her functions, requirements or a formal designation process. In this context, their functions are mainly linked to the adoption of security measures and collaboration with the authority in control processes.

This regulatory difference is evidence of different levels of regulatory maturity in the area of data protection. While Chile is moving towards a more robust and formalised structure, Nicaragua maintains a more general approach, which poses challenges for organisations operating in multiple jurisdictions.

In this scenario, the incorporation of a function equivalent to the DPO even when not expressly required is positioned as a key good practice to strengthen compliance, manage risks and build trust in the processing of personal data.