Law: The Organic Law on the Protection of Personal Data (only available in Spanish here) (the Law)

Regulator: National Directorate of Public Records (DINARP)

Summary: The Organic Law on the Protection of Personal Data (only available in Spanish here) (the Law) was enacted on May 26, 2021, and organizations had two years (until May 2023) from the date of publication in the Official Registry to commence their processes of adaptation to the Law.

The Law sets out data security obligations, introduces data subject rights that are similar to the GDPR, establishes safeguards including obligations to guarantee fair and responsible data processing, and requires that personal data databases are registered. The Law applies to both public and private organizations. The Law applies to the personal data of natural persons and provides exemptions, among others, to data collected during journalistic activities. The National Directorate of Public Records (DINARP) is the regulatory authority under the Law.

Data protection requirements are also contained in a variety of different laws and regulations. The Constitution of the Republic of Ecuador 2008 (only available in Spanish here), for instance, provides for the right to privacy concerning an individual's personal data. There are also several laws that govern data protection in specific sectors, such as the labor, telecommunications, and financial sectors. Moreover, the Comprehensive Criminal Code of Ecuador (only available in Spanish here) defines 'data of restricted circulation' and regulates crimes concerning the security of information and communication systems.