{"id":43185,"date":"2025-10-03T09:38:58","date_gmt":"2025-10-03T15:38:58","guid":{"rendered":"https:\/\/garciabodan.com\/?p=43185"},"modified":"2025-10-30T11:12:06","modified_gmt":"2025-10-30T17:12:06","slug":"el-salvador-strengthens-personal-data-protection","status":"publish","type":"post","link":"https:\/\/garciabodan.com\/en\/el-salvador-strengthens-personal-data-protection\/","title":{"rendered":"El Salvador strengthens personal data protection with new mandatory policies for companies"},"content":{"rendered":"<p><span data-contrast=\"auto\">El Salvador\u2019s State Cybersecurity Agency (ACE) has published the Policies on the Handling and Management of Personal Data, which implement the Law on the Protection of Personal Data and establish a mandatory framework for all public and private entities that collect, store, process, or transfer personal data in the country, including international operations involving Salvadoran citizens.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\r\n<p>&nbsp;<\/p>\r\n<h2><span style=\"color: #2263aa;\"><b>Key obligations for companies and organizations<\/b>\u00a0<\/span><\/h2>\r\n<p><span data-contrast=\"auto\">The policies, aligned with international standards such as ISO 27001, set forth the following requirements:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Appoint a Data Protection Officer (DPDP) responsible for regulatory compliance.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" 
data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Base the processing of personal data on a legitimate basis.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Develop internal data protection policies and maintain a detailed record of processing activities.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Train staff on secure information handling.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" 
data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Conduct Privacy Impact Assessments (PIA) to identify and mitigate risks.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Implement mandatory technical measures such as access control, two-factor authentication, data encryption, backups, and penetration testing.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><span data-contrast=\"auto\">Apply physical security measures such as restricted access to facilities, secure document storage, and certified data disposal.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<ul>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" 
data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><span data-contrast=\"auto\">Report any security breach within 72 hours to ACE, the Office of the Attorney General, and the affected data subjects.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\r\n<\/ul>\r\n<p>&nbsp;<\/p>\r\n<h2><span style=\"color: #2263aa;\"><b>Penalties for non-compliance<\/b>\u00a0<\/span><\/h2>\r\n<p><span data-contrast=\"auto\">Violations are classified as minor, serious, or very serious, with penalties ranging from warnings to significant fines (Arts. 56 and 57 LPDP). Non-compliance may expose companies not only to financial sanctions but also to severe reputational damage.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\r\n<p>&nbsp;<\/p>\r\n<h2><span style=\"color: #2263aa;\"><b>Oversight and enforcement<\/b>\u00a0<\/span><\/h2>\r\n<p><span data-contrast=\"auto\">Companies must update their internal procedures to comply with these policies, which include annual compliance audits and the promotion of international certifications in privacy and data security. 
These provisions are already in effect and will be updated periodically to adapt to new regulations and digital threats.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>El Salvador\u2019s State Cybersecurity Agency (ACE) has published the Policies&#8230;<\/p>\n","protected":false},"author":3,"featured_media":43189,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[229],"tags":[],"class_list":["post-43185","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/43185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/comments?post=43185"}],"version-history":[{"count":2,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/43185\/revisions"}],"predecessor-version":[{"id":43485,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/posts\/43185\/revisions\/43485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/media\/43189"}],"wp:attachment":[{"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/media?parent=43185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/categories?post=43185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/garciabodan.com\/en\/wp-json\/wp\/v2\/tags?post=43185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}