On May 10, 2021, the Ecuadorian National Assembly unanimously approved the Organic Law on Data Protection (the “Data Protection Law”), which President Moreno is expected to sign.

The Data Protection Law is based on the EU General Data Protection Regulation (the “GDPR”) and requires data controllers to implement safeguards to protect personal data, appoint a data protection officer and provide notice to individuals before processing certain persona data. The Data Protection Law also (1) establishes a national data protection authority; (2) regulates cross-border data transfers; and (3) provides Ecuadorians with the rights to request access to, amendment of and deletion of their personal data.

Unlike the GDPR, however, the Data Protection Law provides for lower civil monetary penalties for violations that range from 0.1% to 1% of a company’s annual revenue, depending on several circumstances including the gravity of the violation.

Read more about Ecuador’s Data Protection Law.