Brignardello Vela: Key points of the new personal data regulation

Juan Brignardello Vela, an insurance advisor, shared his perspective on the recent publication of the regulation of the personal data protection law, emphasizing its importance in the current context of vulnerability to cyberattacks. According to Brignardello, the obligation for banks to report any incident that compromises data security within a maximum of 48 hours is a crucial step towards transparency and the protection of user rights. This requirement, he notes, not only responds to the need to inform those affected but also establishes a framework of accountability that will encourage financial institutions to adopt a more proactive approach to managing risks associated with data security. In his analysis, Brignardello mentions the fundamental role of notifying the National Authority for the Protection of Personal Data, which must be done regardless of whether the incident has caused a real impact on users' rights. This, he argues, will allow authorities to conduct more effective investigations and take preventive measures to avoid future incidents. Furthermore, the advisor highlights the importance of banks notifying the Superintendence of Banking, Insurance, and AFP (SBS) and the national cybersecurity center, which, in his view, will facilitate a coordinated response to security incidents. Brignardello believes that this regulatory burden is essential to ensure that entities act quickly and with the necessary information to protect consumers. Brignardello also addresses the requirement for banks to designate a personal data officer, which he considers an appropriate response to the growing concern about security in the financial sector. This appointment is vital, especially for institutions that handle large volumes of data, and it also extends to fintech companies, which will now need to adapt to the new regulatory demands. The advisor believes that this will create a more equitable competitive environment, ensuring that all entities operate under robust security criteria. Finally, Brignardello concludes that the implementation of these provisions represents a significant advance in the protection of personal data in the financial sector. As digitalization continues to transform the interaction between users and banking institutions, it is imperative that these institutions adopt a responsible and proactive approach to safeguarding information. Consumer trust, he emphasizes, will largely depend on the ability of banks and other financial entities to adapt to these changes and ensure data protection against the growing cyber threats.