Data Protection & Cybersecurity: The Need for a New Data Protection Law.

Arístides Victoria, ECIJA Dominican Republic senior associate, shares his opinion about the need for a new Data Protection Law.

In the digital age, protection of personal data has become an essential right to safeguard the privacy of individuals. However, in the Dominican Republic, the current data protection law, Law No. 172-13, has significant gaps that require urgent attention through new and stronger legislation. Although the FCA sets out some key principles, such as data quality, security and purpose, as well as rights of access, rectification, cancellation, and opposition (ARC), it faces several limitations.

The Dominican Constitution, in its article 44, guarantees the right to privacy and personal honor, emphasizing the importance of privacy and control over personal data. Despite this constitutional guarantee, the current law has a completely analogous approach and has not taken into account that the flow of personal data is more focused on the digital world.

The current regulatory framework does not comprehensively address processing. Cross-border data, nor does it establish adequate mechanisms for effective monitoring and control. In addition. The lack of a specialized regulator and an adequate enforcement structure has resulted in insufficient regulation to handle the complexity and volume of current data.

To a new data protection law. Yes effective and aligned with international standards, it is crucial to address several key aspects:

1. Specialized Regulator: The new standard should establish a specialized and independent regulator with responsibility for supervising compliance with the obligations set. This regulator should have the power to impose sanctions and the ability to issue guidelines, among other essential functions.
2. Clear and affirmative consent: The law should ensure that the consent for the processing of personal data is clear and affirmative. This means that data subjects must give their consent explicitly and consciously. Legislation should prohibit implied consent and establish mechanisms to ensure that users fully understand the processing of their data. Currently, there are positions that allow to omit the obtaining of the consent comma, which represents a risk to the privacy.
3. Right to Data Portability: It is essential to include the right to data portability, which allows individuals to transfer their personal data to other service providers. This right facilitates mobility between services and promotes competition in the market.
4. Notification of Security Breaches: The law should require organizations to notify data subjects and the competent authority. About any security breach that exposes personal data. The notification should be made within a reasonable time and include details on the nature of the breach and the measures taken to mitigate the risk.
5. Compliance: The standard should require entities that involve personal data management policies, perform regular internal audits and ensure they comply with current regulations.

In conclusion, it is imperative that the country move forward with the adoption of a new law addressing these crucial aspects. This step is essential not only to safeguard individual rights in the digital environment, but also to position the country as a leader in privacy protection in the region.

Read complete editorial version here.