Law: Law No. 1682 Which Regulates Private Information 2001 (only available in Spanish here), as amended by Law No. 1969 of 2002 (only available in Spanish here), and Law No. 5543 of 2015 (only available in Spanish here) (the Private Information Law)

Regulator: There is no general data protection authority.

Summary: Law No. 6534/20 on the Protection of Personal Credit Data (only available in Spanish here) (the Credit Data Law) entered into force on October 28, 2020. The Credit Data Law incorporates a new regime for the protection of personal data being collected or stored in Paraguayan territory, making particular emphasis on the regulation of personal credit data. The Credit Data Law applies to the processing of personal data, in public or private records, whenever personal data is either collected or stored in Paraguay. In addition, the Credit Data Law outlines principles of data processing, data subject rights, and the obligations applicable to data controllers and processors.

The Credit Data Law is still in the process of being more specifically regulated. The adaptation term set by the Credit Data Law expired on October 28, 2022. Notably, the Credit Data Law repealed Law No.1682/01 Which Regulates Private Information 2001 (only available in Spanish here) and its amendments by Law No.1969/02 (only available in Spanish here) as well as Law No. 5543/15 (only available in Spanish here) (the Private Information Law) which previously governed the processing of personal data.

The Credit Data Law also appoints two regulatory authorities: the Central Bank of Paraguay (BCP) and the Secretariat for the Defense of the Consumer and User (SEDECO).