Data Protection Officer "DPO": Chile and Uruguay

Reports12 March 2026

A comparative analysis of the figure of the Data Protection Officer and its growing relevance in personal data governance and compliance systems.

The Data Protection Officer (DPO) or Data Protection Delegate is the professional in charge of supervising compliance with data protection regulations within an organisation, advising on the application of current regulations and acting as a point of contact with the supervisory authority and data subjects.

In Chile, the regulation is linked to Law No. 21.719, which modifies Law No. 19.628 on the protection of private life. The regulation provides for the appointment of a DPO when organisations adopt models for the prevention of data protection breaches, also establishing requirements of suitability, specialised knowledge and autonomy in the exercise of their functions.

In Uruguay, the appointment of a DPO is mandatory in certain cases, such as in public entities, companies with state participation and organisations that process sensitive personal data. Its regulation is mainly found in Law No. 18.331, together with complementary regulations and resolutions of the supervisory authority.

The analysis was prepared by Martín Basualdo, associate at ECIJA Chile, with the collaboration of Cecilia Amieva, partner at ECIJA Uruguay, and Diego Saralegui, associate at the same office, as part of the firm's joint work to address regulatory challenges in data protection in the region.

Una estructura arquitectónica moderna con formas curvas y superficies metálicas reflectantes.

Download in pdf

What are you looking for?

What are you looking for?

Data Protection Officer "DPO": Chile and Uruguay

Related partners

LATEST FROM #ECIJA