Data Protection in Ecuador

Data protection officers in Ecuador

Each controller or processor is required to appoint a data protection officer (DPO) if it satisfies one or more of the following tests:

  • it is a public authority;
  • its core activities consist of processing operations which, by virtue of their nature, scope or purposes, require regular and systemic monitoring of data subjects on a large scale; or
  • its core activities consist of processing sensitive personal data on a large scale.

Groups of undertakings are permitted to appoint a single data protection officer with responsibility for multiple legal entities, provided that it does not give rise to a conflict of interests.

DPOs must exercise their duties in a "professional manner" for the controller or processor, though it is possible to outsource the DPO role to a service provider.

The DPO must directly report to the highest management level, must not be told what to do in the exercise of his or her tasks and must not be dismissed or penalized for performing those tasks.

The specific tasks of the DPO include:

  • to inform and advise on compliance with the Personal Data Protection Organic Law;
  • to monitor compliance with the law and with the internal policies of the organization including assigning responsibilities, awareness raising and training staff;
  • to advise and monitor data protection impact assessments where requested; and
  • to cooperate and act as point of contact with the Superintendence of Data Protection.

Continue reading

  • no results

Previous topic
Back to top