What is considered personal and sensible data?
According to the law, personal data is any information concerning natural persons that identifies or makes them identifiable.
Sensitive data may reveal aspects such as racial or ethnic origin; religious, philosophical, and moral beliefs or convictions; union membership; political opinions; data relating to health, life, sexual preference or orientation, genetic data, or biometric data, among others.
Law 81 establishes that sensitive data may not be transferred without the holder’s explicit consent when it is necessary to safeguard the holder’s life. It also mentions that consent may be obtained in a form that allows its traceability through documentation, whether electronic or by another appropriate mechanism, and may be revoked, without retroactive effect.
General principles
The general principles are those that inspire and govern the protection of personal data and are the basis for its interpretation and application of the law:
Principle of fairness: personal data are collected without deception or misrepresentation and without using fraudulent means.
Principle of purpose: personal data must be collected for specific purposes, not further processed for purposes other than those requested, and not be kept for longer than necessary.
Principle of truthfulness and accuracy: data must be accurate and reflect the data owner’s current situation.
Principle of data security: those responsible for personal processing data must adopt measures to ensure the safety of the data and inform the owner as soon as possible when the data have been removed without authorization or there are indications that their security has been breached.
Principle of transparency: information and communication must be expressed in clear and straightforward language.
Principle of lawfulness: data must be collected lawfully, with the prior, informed, and unequivocal consent of the owner or on a legal basis.
Principle of portability: the owner of the data has the right to obtain from the data controller a copy of the personal data in a generic and commonly used format.
The National Authority for Transparency and Access to Information (ANTAI), with the support of the National Authority for Government Innovation (AIG), the authorities that will oversee and supervise the protocols, processes, and procedures for the management and secure transfer, protecting the rights of the holders.
To learn more details about Law 81, visit here:
