National Directorate for Personal Data Protection

The National Directorate for Personal Data Protection (NDPDP) (Spanish: Dirección Nacional de Protección de Datos Personales) is the enforcement body for the Argentine Republic's National Personal Data Protection Act (Act 25.326). It is a dependency of the Ministry of Justice and Human Rights. The directorate is in charge of the National Databases Register, an organized tool that is used in order to understand and control the data bases that circulate throughout the country. The National Databases Register assists and advises those responsible for archives, data banks, registers, and databases with complaints and claims made against them. Such claims are made for violations of rights of information, access, rectification, updating, deletion, and confidentiality in the processing of data. The complaints that are brought before the National Directorate for Personal Data Protection are exclusively about revealing deficiencies or incompliance with applicable standards in the treatment of personal data.

The National Directorate for Personal Data Protection's headquarters is located in the Autonomous City of Buenos Aires.

Functions
General:


 * Investigate whether or not the reported databases are in compliance with the principles established by the Act 25.326 and the regulatory provisions.
 * Report and assist individual people and organizations that violate the rights of information, access, rectification, updating, deletion, and confidentiality in the processing of data.

The NDPDP Will Report:


 * The existence of a database.
 * The target of data collection and their ultimate goal.
 * The name and address of whoever is responsible for a filed database.

Citizens will be able to exercise the following actions when their rights have been violated:


 * Deletion of personal data from databases in cases where alleged facts need to be checked.
 * Correction of personal data in registers of databases.
 * Access to information.
 * Updating personal data.
 * Confidentiality in the processing of data.

Other functions:


 * Judicial action of Habeas Data. This action can be used by people who wish to take account of the personal data stored in archives, registers, and public and private data that will be used to provide reports. Cases of lies or discrimination being discovered are considered a violation of the individuals rights.
 * Approval of international transfer of databases.
 * Control of public and private databases through the National Databases Register.
 * Inspections of companies and organizations.
 * Application of the National Do Not Call Register Act.

History
The National Directorate for Personal Data Protection was founded in 2000 as the enforcement organization for the National Personal Data Protection Act (Act 25.236). The National Personal Data Protection Act itself was approved during Fernando de la Rua's administration and was regulated in 2001 by the Decree 1558/01.

In 2003 the European Union (EU) granted Argentine regulations on personal data protection adequacy in the terms of the Data Protection Directive (Directive 95/46/EC). The EU considers Argentina to be a country with an adequate level of personal data protection.

Article 19 of the Decree 746/2017 indicates that the Agency of Access to Public Information will act as the enforcement authority for the National Personal Data Protection Act (Act 25.236).

National databases register
Objectives:

It is the medium that the National Data Protection Act uses to know and control the registers, archives, databases, and databanks that contain personal data. Access to consult with the register is public and free. Via this tool, everyone can know the type of information that each data base manages and who is responsible for such data bases. Due to this, the registration of a data base in the National Databases Register means that it is compliant with the requirement of lawfulness that the Act 25.326 demands (article 3 and article 21 paragraph 1). Individuals can go to the National Directorate for Personal Data Protection to use the National Databases Register to exercise the right to Habeas Data.

Isologotypes:

Those responsible for personal data databases that have approved registration paperwork in the National Databases Register can make use of the approved isologotype approved by the National Directorate for Personal Data Protection provision 6/05.

Inspection procedures
Objectives:


 * Take note of the activities of whoever is responsible for the database with regards to the personal data they manage. This can include the means by which they manage the database.
 * The degree to which the database in compliant with Act 25.326 is evaluated.
 * Make recommendations for how best the responsible party should function within the legal framework.

Scope of the Inspection:


 * Training.
 * Legality of the data that the responsible party possesses and manages.
 * Legality of the collection of data and updated registration in the National Databases Register.
 * Suitability of the methods used in the treatment of data and respective management.
 * Correct treatment of personal data: storage, exercise of rights in the accordance with laws surrounding data holders, transfers to third parties, international transfers, contracts for the lending of data processing services or third parties.
 * Advertising and forms of communication with third parties that involve personal data that the responsible party is accountable for.

National and international meetings
The National Directorate for Personal Data Protection organizes national and international seminar events with the participation of experts from Argentina and around the world. The goal is to promote education on the protection of personal data.

List of directors
The directors of the National Directorate for Personal Data Protection were: