﻿Page 1 
Legal Norms of Nicaragua 
Subject: Constitutional and Other Fundamental Norms 
Rank: Executive Decrees 
- 
REGULATION OF THE LAW NO. 787 "LAW ON THE PROTECTION OF PERSONAL DATA" 
EXECUTIVE DECREE No. 36-2012, Approved on October 17, 2012 
Published in La Gaceta, Official Gazette No. 200 of October 19, 2012 
The President of the Republic of Nicaragua 
Commander Daniel Ortega Saavedra 
In use of the powers 
conferred by the Political Constitution 
Has dictated 
The next: 
DECREE 
REGULATION OF THE LAW NO. 787 "LAW ON THE PROTECTION OF PERSONAL DATA" 
CHAPTER I 
OBJECT, SCOPE AND DEFINITIONS 
Article 1. Purpose. The purpose of this Regulation is to establish the provisions relating to the development and application of Law No. 787, Personal Data Protection Law, published in La Gaceta, Official Gazette, No. 61 of March 29, 2012. 
Article 2. Scope. This Regulation will be applicable and mandatory for the processing of personal data on physical or electronic media that make it possible to 
access to personal data according to certain criteria, regardless of the form or modality of its creation, type of support, processing, storage and organization. 
Article 3. Definitions. For the purposes of this Regulation, it is understood by: 
a) Informative Notice: Physical, electronic document or in any other format generated by the person responsible for the data file that is made available to the owner of the data, prior to the processing of your personal data, in accordance with the provisions of this Regulation. 
b) Rights of the owner: It refers to the rights of access, rectification, opposition and cancellation of personal data. 
c) DIPRODAP: Personal Data Protection Directorate referred to in Law 787. 
d) Law: Law No. 787, Personal Data Protection Law, published in La Gaceta, Official Gazette, No. 61 of March 29, 2012. 
e) Physical security measures: Set of actions and mechanisms, whether or not they use technology, intended to: a) Prevent unauthorized access, damage or interference to physical facilities, critical areas of the organization, equipment and information; b) Protect mobile, portable or easily removable equipment located inside or outside the facilities; c) Provide the equipment that contains or stores personal data of a maintenance that ensures its availability, functionality and integrity, and d) To guarantee the elimination of data in a secure way. 
f) Organizational security measures: Set of actions and mechanisms to establish the management, support and review of information security at the organizational level, the identification and classification of the information, as well as, the awareness, training and qualification of the personnel, regarding the protection of personal data. These include physical security measures. 
g) Technical security measures: Set of activities, controls or mechanisms with measurable results, which make use of technology to ensure that: a) Access to databases of those responsible for data files is by identified and authorized users; b) The access referred to in the previous paragraph is solely for the user to carry out the activities that required by reason of their duties; c) Actions are included for the acquisition¸ operation, development and maintenance of secure systems, and d) The management of communications and operations of the computer resources used in the processing of personal data. 
CHAPTER II 
CONSENT OF THE DATA HOLDER 
Article 4. Characteristics of the Consent. In accordance with the provisions of articles 4 and 6 of the Law, the consent granted by the owner of the data must be: 
a) Free: without error, bad faith, violence or fraud, which may affect the manifestation of the will of the owner; 
b) Specific: referring to one or more specific purposes that justify the treatment, and 
c) Informed: that the owner is aware of the informative notice prior to the treatment to which their personal data will be submitted and the consequences of granting their consent. 
Article 5. Tacit Consent. Unless the Law requires the express consent of the data owner, the tacit consent will be valid as a general rule, in accordance with the provisions of the Article 4 of these Regulations. 
Article 6. Request for Tacit Consent. When the person in charge intends to collect personal data directly or personally from its owner, he must first make it available to This is the informative notice, which must contain a mechanism so that, where appropriate, the owner can express his refusal to process his personal data for the purposes that are other than those that are necessary and give rise to the legal relationship between the controller and the owner. 
In cases where personal data is obtained indirectly from the owner and a change occurs in the purposes that were consented to in the transfer, the file manager 
of data must make available to the owner the informative notice prior to the use of personal data. When the informative notice is not made known to the owner in a manner direct or personal, the owner will have a period of five business days so that, if applicable, express their refusal to process their personal data for purposes other than those that are necessary and give rise to the legal relationship between the person responsible for the data file and the owner of the data. If the owner does not express his refusal to process his data In accordance with the foregoing, it will be understood that you have given your consent for their treatment, unless proven otherwise. 
When the person responsible for the data file uses mechanisms in remote or local means of electronic, optical or other technology communication, which allow him to collect personal data from automatically and simultaneously at the time that the data owner makes contact with them, at that time the owner must be informed about the use of these technologies, which through the They obtain personal data and the way in which they can be disabled. 
Article 7. Express Consent. The person responsible for the data file must obtain the express consent of the data owner when: 
a) Required by law or regulation; 
b) In the case of financial or patrimonial data; 
c) In the case of sensitive data; 
d) The person in charge requests it to prove it, or 
e) It is thus agreed by the data owner and the person responsible for the data file. 
Article 8. Request for Express Consent. When express consent is required by law, the person responsible for the data file must provide the data owner with a simple means and free so that, where appropriate, you can express it. 
Article 9. Verbal Consent. Express consent is considered to be granted verbally when the owner expresses it orally in person or through the use of any 
technology that allows oral dialogue. 
Article 10. Written Consent. The express consent will be considered to be granted in writing when the owner expresses it by means of a document with his autograph signature, fingerprint or any other mechanism authorized by law. In the case of the digital environment, electronic signature or any mechanism or procedure that is established for that purpose and allows to identify to the owner and obtain their consent. 
Article 11. Evidence to demonstrate obtaining consent. For the purposes of demonstrating the obtaining of consent, the burden of proof will fall in all cases, on the responsible for the data file. 
Article 12. Revocation of Consent. At any time, the data owner may revoke their consent for the processing of their personal data, for which the person responsible for the Data file must establish simple and free mechanisms that allow the owner to revoke his consent at least by the same means by which he granted it. 
When the owner requests confirmation of the cessation of the processing of their personal data, the person responsible for the data file must respond in writing to said request. 
In the event that the personal data had been sent prior to the date of revocation of consent and continues to be processed by third parties, the person in charge must make their knowledge of said revocation, so that they proceed to carry out what is necessary. 
Article 13. Procedure for refusal to cease data processing. In case of refusal by the person responsible for the data file to cease processing these before the 
revocation of consent, the data owner may submit the corresponding complaint to DIPRODAP. 
CHAPTER III 
OBLIGATION TO INFORM THE DATA HOLDER 
Article 14. Obligation to inform the Data Owner. The person responsible for the data file must inform the owner of the data in advance of the information provided for in article 7 of the Law through an informative notice in accordance with the provisions of this Chapter. 
Article 15. Characteristics of the Informative Notice. The informative notice must be characterized by being simple, with the necessary information, expressed in clear and understandable language, and with a structure and design that facilitate its understanding. 
Article 16. Media. For the dissemination of the informative notice, the person responsible for the data file may use physical, electronic or any other nature formats, provided that when you can verify that you fulfilled the duty to inform the owner of the data. In all cases, the burden of proof will fall on the person responsible for the data file. 
The DIPRODAP may issue a general rule that regulates other aspects related to what is established in this Chapter. 
CHAPTER IV 
SECURITY MEASURES FOR THE PROTECTION OF PERSONAL DATA 
Article 17. Development and Implementation of Security Measures. For the purposes of what is established in article 11 of the Law, those responsible for data files must develop and implement technical and organizational security measures that are necessary to guarantee the integrity, confidentiality and security of the personal data they process. These measures They must be proportional to their operations, the risks inherent to them and the size of the data files they manage, and they will be subject to the approval of DIPRODAP, which may establish minimum safety standards through general regulations issued for this purpose. 
CHAPTER V 
RIGHTS OF THE DATA HOLDER 
Section I 
General disposition 
Article 18. Persons empowered to exercise rights. The rights referred to in the Law and this Regulation may be exercised by: 
a) The owner of the data, upon presentation of the required identity document in accordance with the law on the matter. 
Electronic instruments by means of which it is possible to identify the owner of the data, or other authentication mechanisms allowed by others, may also be admissible. legal provisions, or those previously established by the person responsible for data files. The use of the electronic instrument that replaces it will exempt the presentation of the identification document referred to in this subsection, and 
b) The representative of the owner of the data, upon presentation of the sufficient power of representation and identity document required in accordance with the law on the matter. 
c) The parents or guardians of the data owner, in the case of minors, upon presentation of the minor's birth certificate and the parents' identity card. In the case of the guardian, the legal document that proves it as such. 
d) The universal successors of the owner of the data, in the case of deceased persons, upon presentation of the legal document that proves it as such and the death certificate. 
Article 19. Means for the exercise of rights . The owner of personal data, for the exercise of their rights, may submit the respective request to the person in charge of the file of data in accordance with the means established in the Law. 
The person responsible for the data file may establish forms, systems and other simplified methods to facilitate the data holders the exercise of their rights, which must be given to know through the informative notice referred to in this Regulation. 
Article 20. Public Attention Services. The person responsible for the data file must have customer service services to attend to the requests of the data holders. 
Article 21. Gratuity of the Exercise of the Right to Modify Data. In accordance with article 21 of the Law, the exercise of data modification rights will be free. 
The person responsible for the data file may not establish as the only way to submit requests for the exercise of the rights of the owner any service or means that involves costs. 
Article 22. Registration of Applications. The person responsible for data files must process any request made by the owner of personal data in the exercise of their rights. The deadline for If the request is dealt with as established in literal b) of article 19 of the Law, it will begin to be computed from the day it has been received by the person responsible for the data file, in which case, he / she will write down the corresponding date of receipt in the acknowledgment of receipt delivered to the owner. 
The indicated period will be interrupted in the event that the person in charge requires information from the owner, in terms of the provisions of the following article. 
Article 23. Request for Additional Information. In the event that the information provided in the request is insufficient or erroneous to attend to it, the person responsible for data files may require the owner, once and within five (5) business days following receipt of the request, to provide the elements or documents necessary to process it. 
The holder will have ten (10) business days to meet the request, counted from the day after it has been received. Failure to respond within said period will be deemed not submitted the corresponding request. 
In the event that the owner of the data meets the request for information, the period for the person responsible for the data file to respond to the request will begin to run on the next business day. that the owner has met the request. 
Article 24. Response by the Responsible Party. In all cases, the person responsible for the data file must respond to the requests received from the owner of the data, with regardless of whether or not the applicant's personal data appears in their databases. 
The response to the applicant must refer exclusively to the personal data that have been specifically indicated in the corresponding application, and must be presented in a legible format, understandable and easily accessible. In case of use of codes, acronyms or keys, the corresponding meanings must be provided. 
Section II 
Right of access 
Article 25. Right of Access. In accordance with the provisions of article 17 of the Law, the owner of personal data has the right to request and obtain from the person responsible for data files their data personal information, as well as information regarding the conditions and generalities of the treatment of these. 
Article 26. Means for the fulfillment of the Right of Access. The obligation to give access to personal data will be considered fulfilled when the person responsible for the data file puts disposition of the owner the personal data in their offices, or, provide them through the means provided in article 18, paragraph c) of the Law, the sender must keep the record corresponding shipping and receiving. In all cases, access must be in readable or understandable formats for the owner. 
Article 27. Gratuity of the exercise of the Right of Access to Data. 
The data holders will have the right to access them as follows: 
a) When you request information from DIPRODAP regarding the existence of personal data files, their purposes and the identity of those responsible, free of charge; Y 
b) When you request information from the person responsible for the data file regarding your personal data and the treatment given to them, free of charge once a year, and paying a charge that cover the cost of processing, as many times as you want. 
Section III 
Right of Rectification 
Article 28. Right of Rectification. In accordance with the provisions of article 19 of the Law, the owner may at any time request the person responsible for the data file to rectify their personal data that turns out to be inaccurate or incomplete. 
Article 29. Requirements for the exercise of the Right of Rectification. The request for rectification must indicate what personal data it refers to, as well as the correction to be made and it must be accompanied by the documentation that supports the origin of the request. The person responsible for the data file may offer mechanisms that facilitate the exercise of this right in holder's benefit. 
Section IV 
Right of Cancellation 
Article 30. Right of Cancellation. The cancellation implies the cessation of the treatment by the person in charge of the data file, from a blocking of the same and its subsequent deletion. 
Article 31. Exercise of the Right of Cancellation. Except in the cases provided for in article 19, literal a), second paragraph, of the Law, the owner of the data may request at any time the responsible for the data file cancellation of personal data when they are no longer necessary or relevant for the purpose that gave rise to their treatment or when they consider that they are not being treated in accordance with said Law and these Regulations. 
The cancellation will proceed with respect to all the personal data of the owner, contained in a database, or only part of them, as requested. 
Article 32. Blocking. If the cancellation is appropriate, the person responsible for the data file must: 
a) Establish a blocking period for the sole purpose of determining possible responsibilities in relation to their treatment until the legal or contractual limitation period of these, and notify the data owner or his representative in response to the cancellation request; 
b) Attend the appropriate security measures for the blockade; 
c) Once the blocking period has elapsed, carry out the corresponding deletion, under the security measures previously established by the person responsible for the data file. 
Article 33. Purposes of the Blockade. In terms of article 3, literal b) of the Law, the purpose of the blockade is to prevent the treatment, except for storage, or possible access by any person, unless a legal provision provides otherwise. 
The blocking period will be up to the corresponding legal or contractual limitation period and after this, the personal data in the data file in the 
that are found. 
Section V 
Right of Opposition 
Article 34. Right of Opposition. For the purposes of what is established in article 9, second paragraph of the Law, the owner of the data has the right not to carry out the treatment of their personal data or it ceases in it, when you have not given your consent for its collection because it has been taken from publicly accessible sources. 
Even if they have given their consent, the owner of the data has the right to oppose the processing of their data, if they prove the existence of well-founded and legitimate reasons related to a specific personal situation that justifies the exercise of this right. 
In the event that the opposition is justified, the person responsible for the data file must cease the treatment that gave rise to the opposition. 
The exercise of the right of opposition will not proceed in those cases in which the treatment is required by law. 
CHAPTER VI 
PROCEDURE TO FILE THE PERSONAL DATA PROTECTION ACTION 
Section I 
General disposition 
Article 35. On the investigation and investigation of the file. When the DIPRODAP becomes aware of any infringement of the Law, its Regulations and other related provisions, it will initiate the investigation and investigation of the file in accordance with the administrative procedure established in this Regulation. 
Article 36. Initiation of the data protection procedure through administrative channels. For the purposes of what is established in article 47 of the Law, the procedure will begin at the request of the owner of the data or of their legal representative, clearly expressing the content of their claim and the precepts of the Law that are considered violated. The data protection action personal must be presented to the DIPRODAP. 
Once the request for personal data protection action has been received by DIPRODAP, it will be transferred to the person responsible for the data file, so that, within fifteen business days, issue a response, offer the evidence you deem pertinent and state in writing what you see fit. 
The DIPRODAP will admit the evidence it deems pertinent. Likewise, you may request from the person responsible for the data file the other tests that you deem necessary. Analysis process completed of the evidence, the DIPRODAP will notify the person responsible of the right that assists him so that, if he considers it necessary, he can present his arguments within the five working days following his notification. 
The DIPRODAP will decide on the request for data protection action formulated, once the evidence and other elements of conviction that it deems pertinent have been analyzed, such as Those that derive from the hearing or hearings held with the parties. 
Article 37. Term to resolve. The maximum term that the DIPRODAP has to dictate the resolution in the procedure of requests for action for the protection of personal data will be fifty (50) business days, counted from the date of submission of the corresponding action request. When there is just cause, the DIPRODAP may extend once and up to one period equal this term. 
Article 38. Presentation of incomplete applications. In the event that the request for action for the protection of personal data does not satisfy any of the information requirements to which it refers Article 42 of this Regulation, and the DIPRODAP does not have elements to correct it, the owner of the data will be prevented, for a single occasion, to correct the omissions within a period of five (5) business days from the respective notification. Once the period has elapsed without the notified omissions being completed or remedied, the application will be deemed not submitted. of action of protection of personal data. The prevention will have the effect of interrupting the period that the DIPRODAP has to resolve the request for data protection action. 
Article 39. Grounds for denial of requests for action. The request for action to protect personal data will be denied as inappropriate in the following cases: 
a) When the DIPRODAP is not competent; 
b) When the DIPRODAP has previously known of the request for action to protect personal data against the same act and ultimately resolved with respect to the same appellant; 
c) When a remedy or means of defense filed by the owner of the data that may have the effect of modifying or revoking the act is being processed before the competent courts respective; or 
Article 40. Conciliation. Once the request for data protection action is admitted, DIPRODAP will summon the parties to a conciliation process between the owner of the data and the person in charge. of the data file. 
Article 41. Conciliation procedure. Once the request is admitted, the DIPRODAP will promote conciliation between the parties, which will be carried out following the procedure that for this purpose establish the DIPRODAP through general regulations. 
If a conciliation agreement is reached between the parties, it will be recorded in writing and will have binding effect. The request for action to protect personal data will be without effect and DIPRODAP will verify compliance with the respective agreement. 
Article 42. Resolutions favorable to the applicant. In the event that the personal data protection action is favorable to the applicant, DIPRODAP will require the person responsible for the file of data that within ten (10) business days following the notification of the respective resolution, make effective the exercise of the right to action for the protection of personal data, and must Report such compliance in writing to DIPRODAP within the following ten (10) business days. 
The person responsible for the data file will proceed to comply with the resolution issued by DIPRODAP at no cost to the applicant. 
Section II 
Particular Provisions 
Article 43. Information requirements of the application. The request for action to protect personal data will be submitted to DIPRODAP, in writing, and must contain the following information: 
a) The name of the owner of the data or, where appropriate, that of their legal representative; 
b) The name of the person responsible for the data file that motivated the presentation of the personal data protection action; 
c) The acts that motivate your request for action to protect personal data; 
d) The evidence you offer to prove your claims; 
e) The address to hear and receive notifications; Y 
f) The other elements deemed appropriate to be made known to the DIPRODAP. 
Article 44. Deadline to admit the request. The DIPRODAP must admit or reject the request for action to protect personal data within a period of no more than ten (10) business days from of its reception. 
Once the request is accepted, the DIPRODAP will notify the applicant and will send it to the person responsible for the data file, within a period of no more than ten (10) business days, attaching a copy of all the documents that the applicant may have provided, in order to express what is appropriate to their right within a period of fifteen (15) business days from the notification, having to offer the evidence that you consider pertinent. 
Article 45. Admission or rejection of evidence. The DIPRODAP will decide on the admission or rejection of the tests presented by the person responsible for the data file, and if necessary, these They will be evacuated in a hearing, of which the place, date and time will be notified to the parties. 
Article 46. Presentation of final arguments. Once the resolution has been issued that considers all the evidence evacuated, the proceedings will be made available to the parties so that they, in case of want it, make arguments within a period of five (5) business days, counted from the notification of the resolution referred to in this article. At the end of this period, the instruction will be closed and the DIPRODAP will issue its final resolution. 
Article 47. Third party interested. In the event that no interested third party has been indicated, the latter may appear in the procedure by means of writing in which he or she proves legal interest for intervene in the matter, until before the closing of the instruction. You must attach to your writing the document proving your personality when you are not acting on your own behalf and the evidence documentaries it offers. 
Article 48. Appeals against the Resolutions of the DIPRODAP. Against the resolutions issued by the DIPRODAP, the appeals provided for in article 52 of the Law may be filed. CHAPTER VII 
INSPECTION PROCEDURE 
Article 49. Beginning of the procedure. In order to verify compliance with the provisions set forth in the Law or in the regulation derived from it, the DIPRODAP may, ex officio or party request, start the inspection procedure, requiring the person responsible for the data file the necessary documentation or making visits to the establishment where the find the respective databases. 
Any person may report to DIPRODAP the alleged violations of the provisions set forth in the Law or in the regulation that derives from it. In this case, the DIPRODAP will accuse receipt of the same and may request the complainant the documentation that he deems pertinent to determine the origin or not of the complaint presented. 
Article 50. Inspection visits. The data file inspectors who carry out inspection visits must be provided with the inspection order signed by the authority 
competent authority of the DIPRODAP, in which the information established in article 43 of the Law must be specified. 
Article 51. Identification of the Data File Inspectors. For the purposes of what is established in article 33 of the Law, at the beginning of the visit, the data file inspectors must display a valid credential with a photograph, which contains your full name and surname, and employee number, issued by the DIPRODAP that accredits you to perform this function, as well as the grounded and motivated written order referred to in the previous article, of which you must leave a copy with whom the visit was understood. 
Article 52. Inspection Certificate. The inspection visits will conclude with the drawing up of the corresponding minutes, which will record the actions carried out during the visit or inspection visits. Said record shall be drawn up in the presence of two witnesses proposed by the person with whom the diligence was understood or by the person who performs it if it had been refused to propose them. 
The record issued in duplicate will be signed by the respective inspector and by the person in charge of the data file, person in charge or with whom the action has been understood, who may state what that suits your right. 
In the event that the person responsible for the data file or person in charge refuses to sign the minutes, this circumstance will be expressly stated therein. Such refusal will not affect the validity of the proceedings or the act itself. The signature of the person in charge or in charge will not imply their agreement, but only the receipt of it. 
The inspector must deliver one of the originals of the inspection report to the person responsible for the data file, incorporating the other into the actions. 
Article 53. Content of the Inspection Records. The following shall be recorded in the inspection records: 
a) Name, denomination or company name of the person responsible for the data file; 
b) Time, day, month and year in which the inspection begins and ends; 
c) The address of the offices of the person responsible for the data file where the inspection is carried out, as well as, telephone number, fax, email 
or other form of communication available; 
d) Number and date of the order that motivated it; 
e) Name and title of the person with whom the inspection was made; 
f) Name and address of the persons who acted as witnesses; 
g) Data relating to the performance; 
h) Declaration of the person in charge of the data file or person in charge, if he wishes to do so, and 
i) Name and signature of those who participated in the inspection, including those who carried it out. If the inspected person, their legal representative or the person with whom they who understood the inspection, this will not affect the validity of the record, and the inspection staff must state the relative reason. 
Those responsible for data files to whom an inspection certificate has been drawn up, may make observations in the act of inspection and express what is appropriate to their right in in relation to the facts contained therein, or in writing within the term of five (5) business days following the date on which it was raised. 
Article 54. Resolution. The inspection procedure will conclude with the resolution issued by the DIPRODAP, in which, where appropriate, the measures to be taken by the person in charge will be established. of the data file within the term that it establishes. 
The resolution of the DIPRODAP may instruct the beginning of the procedure for imposing sanctions or establish a term for its initiation, which will be carried out in accordance with the provisions of the Law and these Regulations. 
The resolution of the DIPRODAP will be notified to the person in charge of the inspected data file and to the complainant. 
Article 55. Means of Challenge. Against the resolution issued by DIPRODAP, the appeals provided for in article 52 of the Law may be filed. 
CHAPTER VIII 
SANCTIONING PROCEDURE 
Article 56. Start. The DIPRODAP will initiate the procedure of imposing sanctions when it determines presumed infractions to the Law and the regulations that derive from it, susceptible to be sanctioned in accordance with article 46 of the same. Once the respective procedure is finished, the corresponding resolution will be issued. 
The procedure will begin with the notification made to the alleged offender, at the address that the DIPRODAP has registered. 
The notification will be accompanied by a report that describes the constitutive facts of the alleged infringement, summoning the alleged infringer so that within a period of fifteen (15) business days, counted from the notification, state what you see fit and render the evidence you deem appropriate. 
Article 57. Offering and Evacuation of Evidence. The alleged offender in his answer will specifically state with respect to each of the facts that are imputed to him in a manner expresses, affirming, denying them, pointing out that he ignores them because they are not his own or exposing how they occurred, as the case may be; and it will present the arguments by means of which it distorts the alleged offense and the corresponding evidence. 
In the event that expert or testimonial evidence is offered, the facts on which they must relate will be specified and the names and addresses of the expert or witnesses will be indicated, displaying the questionnaire or the respective interrogation in preparation of the same. Without these indications, said tests will be considered not offered. 
Article 58. Admission or Rejection of Evidence. Once the evidence has been presented by the alleged offender, the DIPRODAP must decide whether to admit or reject it, and it will proceed to its evacuation. 
If necessary, the place, date and time for the evacuation of evidence will be determined, which by their nature require it. A record of the holding of the hearing and the evacuation will be drawn up. Of the tests. 
Article 59. Closing of Instruction and Resolution. Once the evidence has been evacuated, if applicable, the alleged offender will be notified that he has five (5) business days to present allegations, counted at from the day after the notification takes effect. At the end of said period, the instruction will be closed and the resolution of the DIPRODAP must be issued within a period of no more than fifty (50) business days, following the start of the procedure. 
When there is just cause, the DIPRODAP may extend once and for an equal period the period of fifty days referred to in the preceding paragraph. 
Article 60. Means of Challenge. Against the resolution issued by DIPRODAP, the appeals provided for in article 52 of the Law may be filed. 
CHAPTER IX 
FINAL PROVISIONS 
Article 61. Exceptions. For the purposes of what is established in article 24 of the Law, the National Police and the Nicaraguan Army may issue the administrative provisions corresponding to the processing of personal data contained in its data files, without detriment to the provisions of the Law and these Regulations. 
Article 62. Regulatory Power. In accordance with the powers established in article 29, subsection b) of the Law, it will correspond to the DIPRODAP to regulate by means of general regulations and administrative provisions, aspects that are necessary to comply with the precepts established in the Law and in these regulations. 
Article 63. Validity . These regulations will enter into force as of its publication in La Gaceta, Official Gazette. 
Given in the City of Managua, Government House, Republic of Nicaragua, on the seventeenth day of October of the year two thousand twelve. Daniel Ortega Saavedra, President of the Republic of Nicaragua. Iván Acosta Montalván, Minister of Finance and Public Credit. 
- 
National Assembly of the Republic of Nicaragua. 
Carlos Núñez Téllez Legislative Complex. 
General Augusto C. Sandino Pedestrian Avenue 
Benjamin Zeledón Building, 7mo. Flat. 
Direct Telephone: 22768460. Ext .: 281. 
Send your comments to: Legislative Information Division 
Note : Any difference between the Text of the Law printed and the one published here, we request that it be communicated to the Legislative Information Division of the National Assembly of Nicaragua.