Last modified 21 December 2021

Data Protection in Guatemala

Security in Guatemala

Download PDF

Download current country

Change countries

Change country

Law

Data protection laws in Guatemala

Guatemala does not have a personal data protection law, however the Law on Access to Public Information (Ley de Acceso a la Información Pública – Decree 57-2008 of the Congress of the Republic), even if it pertains to information in public files and records, does address the matter in certain provisions which can be applicable to private parties.

Related resources

Definitions

Definitions in Guatemala

Definition of Personal Data

Article 9, number 1 of the Law on Access to Public Information defines Personal Data as “relative to any information pertaining to natural persons identified or identifiable.”

Definition of Sensitive Personal Data

Article 9, number 2 of the Law on Access to Public Information defines Sensitive Personal Data as “such personal data referring to physical or moral characteristic of the persons or to facts or circumstances of its private life or activity, such as personal habits, racial origins, ethnic origin, ideology or political opinions, religious beliefs or convictions, physical or psychologic health status, sexual preference or sex life, moral and familiar situation or other intimate matters similar in nature.”

Authority

National data protection authority in Guatemala

According to Art. 46 of the Law on Access to Public Information the competence as National Data Protection Authority is the Ombudsman (Procurador de los Derechos Humanos).

Registration

Registration in Guatemala

Registration of Personal Data is not regulated, yet if personal data of an individual is gathered by any public office or obliged subject, even private parties (under the premise that they receive public funds or grants from the State of Guatemala), Article 30 of the Law on Access to Public Information grants the right to Habeas Data.

Data protection officers

Data protection officers in Guatemala

Public offices and private parties defined in Art. 6 of the Law on Access to Public Information must implement Public Information Units, pursuant to Art. 19 of the law.

Collection and processing

Collection and processing in Guatemala

Collection and Processing of personal data is not regulated, however Art. 33 of the Law on Access to Public Information refers files and information systems and Art. 39 refers to electronic or digital records. According to Art. 36 of the Law, all information in public records must be safeguarded and should not be destroyed. Art. 32 of the Law prohibits the creation of data banks or files containing sensitive data and sensitive personal data, unless such information is for the service and attention of the public institution creating the data bank.

Related resources

Transfer

Transfer in Guatemala

Transfer of Personal Data is not regulated, however, Art. 31 of the Law on Access to Public Information establishes that written consent is necessary for any type of information transfer and bans expressly the commercialisation of sensitive data and sensitive personal data.

Related resources

Security

Security in Guatemala

Security is not regulated. However, as referred above, according to Art. 36 of the Law, all information in public records must be safeguarded and should not be destroyed.

Related resources

Breach notification

Breach notification in Guatemala

Breach Notification is not regulated, however, Art. 17 of the Law on Access to Public Information stipulates that the person consulting public information must give notice to the relevant authority of the destruction or misuse of public information.

Mandatory breach notification

Mandatory Breach Notification is not regulated.

Related resources

Enforcement

Enforcement in Guatemala

According to Arts. 61, 62 and 63 of the Law on Access to Public Information, enforcement corresponds to the Superior Authorities of the relevant public offices and in the event the infraction entails criminal responsibility it corresponds to the Prosecutor General’s Office. Arts. 64 to 67 of the Law specifically create criminal figures related to the abuse and misuse of information contained in public records, including Personal Data.

Specifically, Art. 64 of the Law establishes a prohibition to private parties to commercialise personal data without consent. Violation to this provision results in jail from 5 – 8 years and a fine ranging from Q.50,000.00 to Q.100,000.00 and the confiscation of any element employed to execute the crime.

Electronic marketing

Electronic marketing in Guatemala

According to the Law of Acknowledgment of Electronic Communications and Signatures, Decree 47-2008 of the Congress of the Republic, electronic marketing is not considered E-Commerce, yet it is considered a communication and an electronic communication as it contains an exposition, statement, claim, advice, request, or offer and the acceptance of an offer, in relation to the construing or execution of a contract.

If any such communication is not addressed to a particular person but it is a general communication, according to Art. 25 of the aforementioned law, it shall be deemed an offer.

Protection to the consumer in E-Commerce and E-Marketing or E-Advertisement is addressed in Art. 51 of the aforementioned law, compelling the originators of such communications to act in an equitable manner and to fully comply with the offered matters and not to engage into false, deceitful, fraudulent or disloyal business practices.

Online privacy

Online privacy in Guatemala

Online privacy is not regulated.

Related resources

Key contacts

Data protection lawyers in Guatemala

Carlos Cabrera

Associate

Central Law

Guatemala City

Security is not regulated. However, as referred above, according to Art. 36 of the Law, all information in public records must be safeguarded and should not be destroyed.

Quick links

Data Protection in Guatemala

Security in Guatemala