Page 1

PROTECTION OF PERSONAL DATA
Decree 1160/2010
Modify Annex I of Decree No. 1558/01.
Bs. As., 8/11/2010
HAVING SEEN File No. 140,546 / 03 of the registry of the MINISTRY OF JUSTICE, SECURITY AND HUMAN RIGHTS, the LAW OF PROTECTION OF PERSONAL DATA No. 25,326 and its Regulatory Decree No. 1558 dated November 29, 2001, and
CONSIDERING:
That the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA, a body dependent on the UNDER SECRETARIAT FOR REGISTRY AFFAIRS of the SECRETARIAT OF REGISTRY AFFAIRS of the Ministry cited in the Sentence, its character as an organ of
control of Law No. 25,326, is entrusted with the function of investigating and controlling that the processing of personal data is carried out in the terms of the aforementioned Law.
That, likewise, it is assigned the mission of imposing the corresponding administrative sanctions for violation of the norms of Law No. 25,326 and the regulations issued as a consequence.
That by Provision No. 7 of November 8, 2005 of the registry of the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA, the "Classification of Infractions" and the "Grading of Sanctions" to be applied to violations of the regulations were approved.
mentioned before.
That subsection 2 of Article 31 of Law No. 25,326 provides that the regulations will determine the procedure for the application of the sanctions provided for in the same article.
That Annex I of Decree No. 1558/01, regulating Law No. 25,326, established in paragraph 3 of Article 31, the rules to which the procedure should comply.
That it is convenient to replace said precept, establishing a procedure that, even though it maintains the scheme currently in force, regulates with greater precision and simplifies the activity of the NATIONAL DIRECTORATE OF DATA PROTECTION
PERSONAL relative to their functions of investigation and control, with a view to the origin of the application of sanctions, with protection of the rules of due process and the right of defense.
That also, the aforementioned DNPDP Provision No. 7/05 created the REGISTRY OF LAW OFFENDERS No. 25,326 in order to organize and keep updated a registry of those responsible for the commission of the infractions contemplated in Annex I of the
provision mentioned.
That it is considered convenient, in compliance with the guarantee of publicity of government acts, as provided by Decree No. 1172 dated December 3, 2003, that the records of the Registry mentioned in the preceding considering paragraph, be published
on the website of the NATIONAL DIRECTORATE FOR THE PROTECTION OF PERSONAL DATA, as long as they are sanctions that are firm.
That they have taken the intervention that corresponds to them the GENERAL DIRECTORATE OF LEGAL AFFAIRS of the MINISTRY OF JUSTICE, SECURITY AND HUMAN RIGHTS and the PROCUREMENT OF THE NATION'S TREASURE.
That this measure is issued in use of the powers conferred by article 99, paragraph 2 of the NATIONAL CONSTITUTION.
Thus,
THE PRESIDENT OF THE ARGENTINE NATION
DECREE:
Article 1 - Subsection 3. of article 31 of Annex I of Decree No. 1558/01 is replaced by the following:
"3. The procedure shall conform to the following provisions:
a) The NATIONAL DIRECTORATE FOR PERSONAL DATA PROTECTION (DNPDP) will initiate administrative actions in case of alleged infractions of the provisions of Law No. 25,326, its regulatory and complementary standards, ex officio or by
Complaint from whoever invokes a particular interest, from the Ombudsman of the Nation or from consumer or user associations.
b) For the fulfillment of its duties, the NATIONAL DIRECTORATE OF PERSONAL DATA PROTECTION may:
I) Check the legitimacy of all systematic operations and procedures, electronic or not, that allow the collection, conservation, ordering, storage, modification, relationship, evaluation, blocking, destruction and, in general, the processing
of personal data, as well as its transfer to third parties through communications, consultations, interconnections or transfers.
II) Verify the proper functioning of the internal and external control mechanisms of the file, registry, database or database for the effective safeguarding of the personal data it contains.
III) Verify the observance of the norms on data integrity and security by the files, registers or databases.
IV) Ensure compliance with the deadlines established in articles 14 and 16 of Law No. 25,326 for the exercise of the rights of access, rectification, deletion, updating and confidentiality recognized to the holders of personal data.
V) Carry out investigations and inspections, as well as request from those responsible or users of personal data banks and their treatment, information, antecedents, documents, programs or other elements related to the processing of personal data that
deems it necessary and also request the assistance of the technical bodies and / or, where appropriate, the corresponding judicial authorization, for its purposes.
VI) Request the presentation of reports to those responsible for data banks and their treatment.
VII) Formulate requirements before the national, provincial and municipal authorities.
VIII) Carry out inspections and draw up the pertinent Inspection Certificate, which together with the technical checks that are available, will constitute sufficient proof of the facts thus verified.
IX) Request to the competent judge the assistance of the public force to carry out the search of homes; the closing of records; the seizure of documentation and any other measure tending to the full compliance of the investigative activity.
c) To start the procedure, the complainant must submit to the NATIONAL DIRECTORATE FOR PERSONAL DATA PROTECTION a document, which must contain a date, signature and clarification; identity document (DNI-CUIL-CUIT), address, the
relationship of the denounced fact with the circumstances of place, time and manner of execution and other elements that may lead to its verification, at least. The documentation and antecedents that confirm their statements and
accredit, at the time of filing the complaint, the prior procedures before the person in charge of the database, when it comes to issues related to the rights of access, updating, rectification, deletion, confidentiality or blocking, regulated in
Articles 14, 16 and 27 of Law No. 25,326.
The NATIONAL DIRECTORATE OF PERSONAL DATA PROTECTION may enable a telematic system to facilitate the filing of the complaint.
d) Once the procedure has been initiated, the person in charge of the database on which the complaint falls will be required, a report on the antecedents and circumstances that they made for the purpose of the complaint or ex officio action, as well as other elements of judgment that
allow to elucidate the matter subject to investigation or control. The required information must be answered within TEN (10) business days, unless the defendant requests an extension in time and form, which may not exceed TEN (10) business days. East
The term may be extended in duly justified cases, taking into account the magnitude and dimension of the database. In his first presentation, the defendant must prove legal status and establish legal address.
e) The acting official will admit the evidence that he deems pertinent only when there are controversial facts and as long as they are not manifestly irrelevant. The denial of the test measures will not be appealable.
f) In the different stages of the procedure, the complainant may be required to provide information or documentation that is pertinent for the elucidation of the investigation.
g) When it is considered "prima facie" that some of the precepts of Law No. 25,326, its regulatory and complementary norms have been violated, a Certificate of Verification will be drawn up, which must contain: place and date, name, surname and document from
identity of the complainant; a succinct account of the facts; the indication of the measures carried out and their result and the provision or provisions allegedly infringed, at least. It will provide for the alleged offender to be summoned so that, within a period of TEN (10)
working days, present your discharge in writing and, if applicable, submit the evidence that you make to your right.
h) Once the investigation is concluded and after the opinion of the permanent legal advisory service of the MINISTRY OF JUSTICE, SECURITY AND HUMAN RIGHTS, the National Director of Protection of Personal Data will dictate the respective provision, which
must declare:
I) that the facts investigated do not constitute an irregularity, or
II) that the investigated facts constitute an infraction, who are responsible and what is the administrative sanction that corresponds to apply, in accordance with the provisions of Law No. 25,326, its regulatory and complementary norms and the provisions of the
DNPDP Provision No. 7 dated November 8, 2005.
The resolution issued must be notified to the offender.
i) The recursive procedure provided for in the REGULATION OF ADMINISTRATIVE PROCEDURES (Decree No. 1759/72 - to 1991) and its amendments will proceed against the final resolution.

j) Once the resolution that imposes an administrative sanction has been issued, the record of the same must be incorporated into the REGISTER OF LAW NUMBER 25,326 OFFENDERS, which is kept by the NATIONAL DIRECTORATE OF PERSONAL DATA PROTECTION. The records
of said Registry regarding those sanctions applied that are firm must be published on the website of the NATIONAL DIRECTORATE OF PERSONAL DATA PROTECTION (www.jus.gov.ar/dnpdpnew).
k) The NATIONAL LAW OF ADMINISTRATIVE PROCEDURES Nº 19,549 will be of supplementary application; the REGULATION OF ADMINISTRATIVE PROCEDURES (Decree No. 1759/72 - to 1991) and its amendments and the CIVIL PROCEDURE CODE
AND COMMERCIAL OF THE NATION ".
Art. 2 - Communicate, publish, give to the National Directorate of the Official Registry and file. - FERNANDEZ DE KIRCHNER. - Aníbal D. Fernández. - Julio C. Alak.

