Basic concepts

The definitions contained in Article 2 of the new Data Protection Law are presented below:

Data storage

The preservation or custody of data in a registry or database.

Blocking of data

The temporary suspension of any processing operation of the data stored.

Communication of personal data

To howsoever disclose, by action of the party responsible of the data, personal data to persons other than the data subject to whom the data concern, without actually transferring them.

Outdated data

The one that has lost current validity on account of a law, the compliance of a given requisite, or the expiry of the term stated for its good standing or, were there no stated rule, due to a change in the events or circumstances it records.

Statistical data

Data that, in its origin, or as a consequence of its processing, cannot be associated to an identified or identifiable subject.

Personal data

Any information linked or referring to an identified or identifiable individual. A person shall be identifiable if his/her/their identity can be directly or indirectly determined, particularly through one or more identifiers, such as the name, personal ID document number, and the analysis of elements typical of physical, physiological, genetic, mental, economic, cultural, or social identity of said person.

Sensitive personal data

Personal data that refers to the physical or moral characteristics of individuals, or to events or circumstances of their private life or privacy,  that reveal an ethnic or racial origin, a political, union, or trade group affiliation, socioeconomic status, ideology or philosophical beliefs, religious beliefs, the human biological profile, biometric data, and the information regarding the sexual life, sexual orientation, and gender identity of an individual.

Data deletion or cancellation

The destruction of the data stored in records or databases, howsoever done.

Public access sources

All those databases, or sets of personal data, which access or query may be lawfully done by anybody, such as the Official Gazette, the media, or public records provided by law. The processing of personal data stemming from public access sources shall be subjected to the provisions herein.

State instrumentalities

The authorities, State agencies, and institutions described and regulated by the Political Constitution of the Republic, and those covered in the first paragraph of law No. 18,575, Organic Constitutional Law for the General Terms of the State Administration.

Anonymization

Irreversible procedure through which a personal data cannot afterwards be linked or associated to a given individual, and neither enable identifying the latter, because the connection with the information that links to, associates with, or identifies, said individual has been destroyed or deleted. An anonymised data stops being a personal data.

Pseudonymization

Personal data processing carried out in such a way as to afterwards no longer being attributable to a data subject without turning to additional information, provided that additional information is kept apart and is subject to technical and organizational measures aimed at ensuring the personal data are not attributed to an identified or identifiable individual.

Personal database

The organised set of personal data, whatsoever its purpose, manner, or modality of creation, storage, organization, and access, which enables associating data and processing it.

Party responsible for data or data controller

Any individual or body corporate from the public or private sector, which decides the purposes of, and means for, the processing of personal data, regardless of whether the data are processed by such person or through a third party agent or processor.

Data subject

Individual, whether identified or identifiable, to whom the personal data concern or refer.

Data processing

Any operation or set of operations or technical procedures, whether or not of an automated nature, that howsoever enable the collection, processing, storage, communication, transfer, or usage of personal data or sets of personal data.

Consent

Any and all statement of free, specific, unequivocal, and informed willingness, granted via a statement or clear affirmative action, through which data subjects, their legal representatives or agents, as applicable, authorise the processing of the personal data concerning them.

Right to access

The right of a data subject to request and obtain, from the party responsible, a confirmation on whether his/her/their personal data are being processed by it, access them if so, and access, too, the information consecrated herein.

Right to rectify

The right of a data subject to request and obtain from the party responsible,  that his/her/their personal data be amended or completed, whenever they are being processed by that party responsible and they are inaccurate, dated, or incomplete.

Right to delete

The right of a data subject to request and obtain from the party responsible, the deletion or elimination of his/her/their personal data, pursuant to the causes set forth by law to such ends.

Right to oppose

The right of a data subject to request and obtain from the party responsible, that his/her/their data not be subjected to a specific processing, pursuant to the causes set forth by law to such ends.

Right to portability of personal data

The right of a data subject to request and obtain from the party responsible, a copy of his/her/their personal data in a structured, generic, and commonly used electronic format operational in various systems, and which allows for their communication or transfer to another party responsible for data.

The data subject shall be entitled to have his/her/their personal data directly transferred from one party responsible to another whenever the foregoing is technically feasible.

Transfer of personal data

The conveyance of personal data by one party responsible to another party responsible for data.

Profiling

Any and all forms of automated processing of personal data that consists in using those data to assess, analyse, or forecast aspects in connection with professional performance, financial status, health state, personal preferences, interests, trustworthiness, behaviour, location, or movements of an individual.

Third party agent or processor

The individual or body corporate that processes personal data on behalf of the party responsible for data.

Agency

The Personal Data Protection Agency.

National Registry of Penalties and Compliance

A national public registry managed by the Agency, which records the certified prevention models; parties responsible for that data that adopt them, and the penalties applied to any parties responsible for data that have breached the law.

error: Contenido protegido