Page 1

A Peruvian man

491320

LAWS

Lima, Friday March 22, 2013

of the National Superintendency of Migration MIGRATIONS, because their participation will contribute,
among other aspects, to share knowledge in order to
make the movement of people more viable between
both countries;
That, the expenses for the concept of terrestrial passages
and travel expenses will be assumed by the Executing Unit
001: General Administration Office of the Sheet 007,
Ministry of Interior;
That, the penultimate paragraph of numeral 10.1 of the
Article 10 of Law No. 29951, Budget Law
of the Public Sector for Fiscal Year 2013 establishes,
regarding the trips abroad of servers or
public officials and representatives of the State
charged to public resources, that the requirement
of additional exceptions to those indicated in the
literals of said numeral, in the case of entities
of the Executive Power, it must be channeled through
the Presidency of the Council of Ministers and authorizes
through a supreme resolution endorsed by the
President of the Council of Ministers;
With the approval of the General Advisory Office
Legal Department of the Interior Ministry; Y,
In accordance with the provisions of Law No.
27619, Law that regulates the authorization of trips abroad
of servers and officials and its approved Regulation
through Supreme Decree No. 047-2002-PCM; the law
No. 29951, Public Sector Budget Law for
Fiscal Year 2013; Legislative Decree No. 1130 that
creates the National Superintendency of Migration
- MIGRATIONS; Legislative Decree No. 1135, which
approves the Law of Organization and Functions of the Ministry
of the Interior and the Regulation of Organization and Functions
of the Ministry of the Interior approved by Decree
Supreme N ° 002-2012-IN;

JUSTICE AND RIGHTS
HUMANS
Regulations of the Law are approved
No. 29733, Data Protection Law
Personal
SUPREME DECRET
No. 003-2013-JUS
THE PRESIDENT OF THE REPUBLIC
CONSIDERING:
That, article 2 numeral 6 of the Political Constitution
Peru indicates that everyone has the right to
computerized services, computerized or not, public
or private, do not provide information that affects the
personal and family privacy;
That, Law No. 29733, Data Protection Law
Personal, has the purpose of guaranteeing the right
fundamental to the protection of personal data,
provided for in the Political Constitution of Peru;
That, article 32 of the limited Law No. 29733, provides
that the Ministry of Justice and Human Rights assumes the
National Authority for the Protection of Personal Data;
That, the First Final Complementary Provision of
Law No. 29733, provided for the establishment of a Commission
Multisectoral, chaired by the National Authority for
Protection of Personal Data, for the elaboration of the
corresponding Regulation;
That, the Multisectoral Commission formed by
Supreme Resolution No. 180-2011-PCM has prepared
the draft Regulation of Law No. 29733, Law
Protection of Personal Data, which has been
pre-published according to law, receiving contributions from
the citizenship and community in general;
That, in this sense, it is appropriate to approve the
Regulation of Law No. 29733, Law for the Protection of
Personal information;
In accordance with the provisions of Law No. 29733,
Personal Data Protection Law; Law No. 29158,
Organic Law of the Executive Power; and Law No. 29809, Law
of Organization and Functions of the Ministry of Justice and
Human rights;

RESOLVED:
Article 1.- Authorize the trip abroad, in
Utilities Commission, Miss Janneth
Capacoila Grimaldos, Migration Inspector
of the National Superintendency of Migration
- MIGRATIONS, from March 25 to 26, 2013, to
the city of Copacabana - Plurinational State of
Bolivia, to participate in the I Meeting of the Committee
of the Altiplánico Peru-Bolivia Border.
Article 2.- Travel expenses
and land passages caused by the trip he makes
referring to the preceding article, they will be made with
charge to the Executing Unit 001: General Office of
Administration of Sheet 007, Ministry of the Interior, of
according to the following detail:

DECREE:
Article 1.- Approval
Approve the Regulation of Law No. 29733, Law of
Protection of Personal Data, consisting of VI Titles,
one hundred thirty-one (131) Articles, three (03) Provisions
Complementary Finals and three (03) Provisions
Complementary Transitory, which is an integral part
of this Supreme Decree.

Land Passages: S /. 108.06
Travel expenses (for 2 days): S /. 1,080.00
Article 3.- Within fifteen (15) calendar days
after the trip, the designated servant must
present a detailed report to the Head of the Sector
describing the actions taken and the results
obtained during the authorized trip; as well as surrender
of accounts duly documented.
Article 4.- This Supreme Resolution does not
will give the right to exemption or release of taxes from
no class or denomination.
Article 5.- This Supreme Resolution will be
endorsed by the President of the Council of Ministers and
by the Minister of the Interior.

Article 2.- Publication
This Supreme Decree and the Regulations of the
Law No. 29733, Personal Data Protection Law,
approved by the preceding article, they must be
published on the Institutional Portal of the Ministry of
Justice and Human Rights (www.minjus.gob.pe).
Article 3.- Validity
The approved Regulation will enter into force on
term of thirty (30) business days from the day
following the publication of this Supreme Decree
in the Official Gazette El Peruano.

Sign up, communicate and get published.

Article 4.- Endorsement
This Supreme Decree will be endorsed by the
Minister of Justice and Human Rights.

HUMALA TASSO OLLANTA
Constitutional President of the Republic

Given at the Government House, in Lima, at twenty-one
days of the month of March of the year two thousand thirteen.

JUAN F. JIMÉNEZ MAYOR
President of the Council of Ministers

HUMALA TASSO OLLANTA
Constitutional President of the Republic

WILFREDO PEDRAZA SIERRA
Minister of the Interior

EDA A. RIVAS FRANCHINI
Minister of Justice and Human Rights

915560-3

Page 2

A Peruvian man

491321

LAWS

Lima, Friday March 22, 2013

personal, which consists of deleting or suppressing the data
personal data bank.

REGULATION OF LAW No. 29733
PERSONAL DATA PROTECTION LAW

4. Personal data: It is that information
numerical, alphabetic, graphic, photographic, acoustic, envelope
personal habits, or of any other kind concerning
to the natural persons that identifies them or makes them
identifiable through means that can be
reasonably used.

Index
Title I

General disposition.

Title II

Guiding principles.

Title III Treatment of personal data.

5. Personal data related to health:
It is that information concerning past health,
present or forecasted, physical or mental, of a person,
including degree of disability and your information
genetics.

Chapter I Consent.
Chapter II Limitations on consent.
Chapter III Transfer of personal data.
Chapter IV Special data processing
personal.
Chapter V Security measures.

6. Sensitive data: It is that relative information
to personal data referring to physical characteristics,
moral or emotional facts or circumstances of
your emotional or family life, the personal habits that
correspond to the most intimate sphere, the information
related to physical or mental health or other analogous that
affect your privacy.

Title IV Rights of the data holder
personal.
Chapter I General provisions.
Chapter II Special provisions.
Chapter III Guardianship procedure.

7. Days : Business days.
Title V National Registry of Protection of
Personal information.

8. Directorate General for Data Protection
Personal: It is the body in charge of exercising the
National Authority for the Protection of Personal Data a
referred to in article 32 of the Law, being able to use
indistinctly any of these denominations.

Chapter I General provisions.
Chapter II Registration procedure.
Chapter III Registration procedure for
codes of conduct.

9. Issuer or exporter of personal data: It is the
owner of the personal data bank or the one that results
responsible for the treatment located in Peru that you carry out,
in accordance with the provisions of these regulations, a
transfer of personal data to another country.

Title VI Infractions and sanctions.
Chapter I Inspection procedure.
Chapter II Penalty procedure.
Chapter III Sanctions.

10. Responsible for the treatment: It is who performs
the processing of personal data, which may be
the owner of the personal data bank or the
manager of the personal data bank or another person
commissioned by the owner of the personal data bank in
by virtue of a legal relationship that binds you to the same
and delimits the scope of its action. Includes who
carry out the processing of personal data by order of the
responsible for the treatment when it is carried out without the
existence of a personal data bank.

Final Complementary Provisions and
Transitory

TITLE I
General disposition
Article 1.- Purpose.
The purpose of this regulation is to develop the
Law No. 29733, Personal Data Protection Law, in
forward the Law, in order to guarantee the fundamental right
to the protection of personal data, regulating a
adequate treatment, both by public entities,
as by the institutions belonging to the sector
private. Its provisions constitute rules of order
public and mandatory.

11. Receiver or importer of personal data:
It is any natural or legal person of private law,
including branches, subsidiaries, related parties or similar;
or public entities, which receives the data in case of
international transfer, either as owner or manager
from the personal data bank, or as a third party.
12. Rectification: It is that generic action
intended to affect or modify a database
personal either to update it include information
in it or specifically rectify its content with data
exact .

Article 2.- Definitions.
For the purposes of applying this
regulation, without prejudice to the definitions contained in
The Law, in addition, means the following
definitions:

13. Repertoire of jurisprudence: It is the bank of
judicial or administrative resolutions that are organized
as a source of consultation and intended for knowledge
public.

1. Non-automated personal data bank:
Non-computerized natural persons data set
and structured according to specific criteria, which allows
access data without undue effort
personal, whether centralized, decentralized or
distributed in a functional or geographical way.

14. Responsible for the treatment: It is the one who decides
on the processing of personal data, even when not
are in a personal data bank.

2. Blocking: It is the measure by which the person in charge of the
personal data bank prevents access by third parties
to the data and these cannot be processed,
during the period in which any
request for update, inclusion, rectification or
deletion, in accordance with the provisions of the third
paragraph of article 20 of the Law.
It is also provided as a step prior to cancellation
for the time necessary to determine possible
responsibilities in relation to the treatments, during the
statutory or contractually prescribed period of limitation.

15. Third: It is any natural person, legal person
private law or public entity, other than the owner
of personal data, of the owner or manager of the bank
of personal data and of the person responsible for the treatment,
including those who process the data under authority
direct from those.
The reference to "third party" made in article 30 of the
Law constitutes an exception to the meaning provided in
this numeral.

3. Cancellation: It is the action or measure that in the Law
is described as deletion, when it refers to data

Article 3.- Scope of application.
This regulation is applicable to the treatment
of the personal data contained in a data bank

Page 3

A Peruvian man

491322

LAWS

Lima, Friday March 22, 2013

personal or intended to be contained in banks of
personal information.
In accordance with the provisions of paragraph 6 of the article
2 of the Political Constitution of Peru and article 3 of the
Law, this regulation will apply to all modalities
processing of personal data, whether carried out by
natural persons, public entities or institutions of the
private sector and regardless of the support in the
that they are.
The existence of particular rules or regimes
or special, even when they include regulations on
personal data, does not exclude public entities
or private institutions to which said regimes are
apply from the scope of the Law and this
regulation.
The provisions of the preceding paragraph do not imply the
repeal or non-application of the particular rules, in
as long as its application does not affect the right to
the protection of personal data.

of legal persons residing abroad,
It will be understood that it is the place in which it is located
the main administration of the business in the territory
Peruvian, or failing that designated, or any
stable installation that allows the effective exercise or
real of an activity.
If it is not possible to establish the home address
or the establishment, you will be considered domiciled
unknown in Peruvian territory.
TITLE II
Guiding principles
Article 6.- Guiding principles.
The owner of the personal data bank, or where appropriate,
who is responsible for the treatment, must comply
with the guiding principles of data protection
personal, in accordance with the provisions of the Law,
applying the development criteria established in
the present title of the regulation.

Article 4.- Exceptions to the scope of application.
The provisions of this regulation will not be
application to:

Article 7.- Principle of consent.
In keeping with the principle of consent, the treatment
of personal data is lawful when the owner of the data
staff has given their free, prior consent,
express, informed and unequivocal. Formulas are not supported
of consent in which it is not expressed
directly, such as those in which it is required
presume, or assume the existence of a will that
it has not been express. Even the consent given
with other statements, it must be manifested in the form
express and clear.

1. The processing of personal data carried out by
natural persons for exclusively domestic purposes,
personal or related to your private or family life.
2. The contents or intended to be contained in
personal data banks of the public administration,
only insofar as their treatment is necessary for the
strict compliance with powers assigned by law
to the respective public entities as long as they have
by object:
2.1 National defense.
2.2 Public safety and,
2.3 The development of activities in criminal matters to
investigation and repression of crime.

Article 8.- Principle of purpose.
In view of the principle of purpose, it is considered
that a purpose is determined when it has been
expressed clearly, without confusion and when
objectively specifies the object that will have the
treatment of personal data.
In the case of a personal data bank that
contain sensitive data, their creation can only be
justified if its purpose, in addition to being legitimate, is
concrete and in accordance with the activities or explicit purposes
of the owner of the personal data bank.
Professionals who perform the treatment of any
personal data, in addition to being limited by the purpose
of their services, they are obliged to keep
professional secret.

Article 5.- Scope of territorial application.
The provisions of the Law and of these regulations
apply to the processing of personal data
when:
1. It is carried out in an establishment located in
Peruvian territory corresponding to the bank owner
personal data or who is responsible for the
treatment.
2. It is carried out by a person in charge of the treatment,
regardless of location, on behalf of a holder
of personal data bank established in the territory
Peruvian or whoever is responsible for the treatment.
3. The owner of the personal data bank or who
is responsible for the treatment is not established in
Peruvian territory, but applicable law
Peruvian, by contractual provision or the law
international; Y
4. The owner of the personal data bank or who
is responsible is not established in the territory
Peruvian, but use means located in that territory,
unless such means are used solely for the purpose
traffic that do not involve treatment.

Article 9.- Principle of quality.
In keeping with the principle of quality , the data
contained in a personal data bank, they must
adjust precisely to reality. It is presumed that
data directly provided by the owner thereof
they are exact.
Article 10.- Principle of security.
In attention to the principle of safety, in the treatment
of personal data, the measures of
security that are necessary in order to avoid any
treatment contrary to the Law or this regulation,
including adulteration, loss,
deviations of information, intentional or not, whether
that the risks come from human action or from
technical medium used.

For these purposes, the person in charge must provide
the means that are necessary for the cash
compliance with the obligations imposed by the Law and
these regulations and will designate a representative or
implement sufficient mechanisms to be in
possibilities to comply effectively, in territory
Peruvian, with the obligations imposed by the legislation
Peruvian.
When the owner of the personal data bank or who
It turns out that the person responsible for the treatment is not
established in Peruvian territory, but the person in charge of the
treatment is, the latter will be applicable
the provisions relating to security measures
contained in these regulations.
In the case of natural persons, the establishment
It will be understood as the place where the
main seat of their business, or the one they use for
performance of their activities or their domicile.
In the case of legal persons, it will be understood
as the establishment the place where you are
the main management of the business. If it's about

TITLE III
Processing of personal data
Chapter I
Consent
Article 11.- General provisions on
consent to data processing
personal.
The owner of the personal data bank or whoever is
as the data controller, you must obtain the
consent to the processing of personal data,
in accordance with the provisions of the Law and the
these regulations, except for the established assumptions
in article 14 of the Law, in which numeral 1) is
including the processing of personal data that

Page 4

A Peruvian man

491323

LAWS

Lima, Friday March 22, 2013

is essential to implement interoperability
between public entities.
The consent request must refer to
a specific treatment or series of treatments, with
express identification of the purpose or purposes for the
that the data is collected; as well as the other conditions
that concur in the treatment or treatments, without
prejudice to the provisions of the following article on the
characteristics of consent.
When consent is requested for a form
treatment that includes or may include the transfer
national or international data, the owner of the
themselves must be informed so that they know
unequivocally such circumstance, in addition to the purpose
to which your data will be used and the type of activity
developed by who will receive them.

to. The identity and address or address of the owner
of the personal data bank or the person in charge
of the treatment to which you can go to revoke the
consent or exercise your rights.
b. The purpose or purposes of the treatment to which
your data will be submitted.
c. The identity of those who are or can be their
recipients, if applicable.
d. The existence of the personal data bank in which
will be stored, where appropriate.
and. The mandatory or optional nature of your responses
to the questionnaire that is proposed, when it is the case.
F. The consequences of providing your data
personal information and their refusal to do so.
g. Where appropriate, the national and international transfer
of data that are made.

Article 12.- Characteristics of consent.
In addition to the provisions of article 18 of the Law
and in the preceding article of this regulation, the
Obtaining consent must be:

Article 13.- Privacy policies.
The publication of privacy policies, I agree
as provided in the second paragraph of article 18 of the
Law, should be understood as a form of compliance
of the duty of information that does not exempt from the requirement
to obtain the consent of the owner of the data
personal.

1. Free : Without error, bad faith, violence or fraud
that may affect the expression of the will of the owner
of personal data.
The giving of gifts or the granting of
benefits to the owner of personal data on the occasion of
your consent does not affect the condition of freedom that
has to grant it, except in the case of minors,
in the cases in which your consent is admitted, in
that the consent given will not be considered free
mediating gifts or benefits.
The conditioning of the provision of a service, or the
warning or threat to deny access to benefits
or services that are normally of unrestricted access,
it does affect the freedom of the person granting consent to
the processing of your personal data, if the data
requested are not essential for the provision of
benefits or services.

Article 14.- Consent and sensitive data.
In the case of sensitive data, the consent
must be granted in writing, through your signature
handwritten, digital signature or any other mechanism of
authentication that guarantees the unequivocal will of the
headline.
Article 15.- Consent and burden of proof.
For purposes of demonstrating the obtaining of the
consent in the terms established in the Law and in
these regulations, the burden of proof will fall on
all cases in the owner of the personal data bank
or whoever is responsible for the treatment.
Article 16.- Denial, revocation and scope of the
consent.
The owner of the personal data may revoke their
consent to the processing of your personal data
at any time, without prior justification and without
attribute retroactive effects to it. For revocation
consent will meet the same requirements
observed on the occasion of its granting, being able
be these simpler, if it had been so pointed out in such
chance.
The owner of the personal data may deny or revoke
your consent to the processing of your personal data
for purposes additional to those that give rise to
its authorized treatment, without affecting the relationship
that gives rise to the consent that has been granted or not
revoked. In the event of revocation, it is the obligation of whoever
carries out the processing of personal data to adapt
new treatments to revocation and treatments
that were in the process of being carried out, within the term
resulting from diligent action, which may not be
greater than five (5) days.
If the revocation affects the entire treatment
of personal data that had been made, the owner or
manager of the personal data bank, or where appropriate
the person responsible for the treatment, will apply the rules of
cancellation or deletion of personal data.
The owner of the personal data bank or whoever is
data controller must establish mechanisms
easily accessible and unconditional, simple, fast
and free to make the revocation effective.

2. Previous : Prior to the compilation of the
data or, where appropriate, prior to treatment other than that
for which they have already been collected.
3. Express and Unmistakable : When consent
has been manifested in conditions that do not admit
doubts of its granting.
Express consent is deemed to have been given
verbally when the owner expresses it orally
in person or through the use of any
technology that allows oral dialogue.
Written consent is considered to the one who grants
the holder by means of a document with his autograph signature,
fingerprint or any other mechanism authorized by
the legal order that remains or can be printed
on a paper or similar surface.
The condition of express is not limited to the manifestation
verbal or written.
In a restrictive sense and always in accordance with the
provided by article 7 of these regulations,
will consider express consent to the one who
manifest through the conduct of the owner that evidences
that he has unequivocally consented, given that
On the contrary, their conduct would necessarily have been different.
When it comes to the digital environment, it is also considered
expresses the manifestation consisting of "click", "click"
or "punch", "tap", "touch" or "pad" or the like.
In this context, written consent may be granted
by electronic signature, by writing that remains
recorded, so that it can be read and printed, or that
by any other established mechanism or procedure
allows the holder to be identified and to obtain their consent, to
through written text. It may also be granted through
preset text, easily visible, legible and in language
simple, that the owner can make his own, or not, through a
written, graphic or clicked or punctured response.
The sole conduct of expressing will in any of
the forms regulated in this paragraph does not eliminate, nor
considers fulfilled, the other requirements of consent
referring to freedom, opportunity and information.

Chapter II
Limitations on consent
Article 17.- Sources accessible to the public .
For the purposes of article 2, subsection 9) of the Law,
sources will be considered accessible to the public, with
regardless of whether access requires consideration,
the following:
1. Electronic, optical media
and other technology, provided that the place where it is
find the personal data is designed to
provide information to the public and be open to consultation
general.

4. Informed : When the owner of the personal data
is communicated to him clearly, expressly and indubitably, with
plain language, when less of the following:

Page 5

A Peruvian man

491324

LAWS

Lima, Friday March 22, 2013

2. Telephone directories, regardless of the
support in which they are available and in the terms of
its specific regulation.
3. Newspapers and magazines regardless of
support in which they are available and in the terms of
its specific regulation.
4. The media of social communication.
5. Lists of people belonging to groups
professionals that contain only the data of
name, title, profession, activity, academic degree,
postal address, telephone number, fax number,
email address and those who establish
their membership in the group.
In the case of professional associations, they may be indicated
In addition, the following data of its members: number of
tuition, date of incorporation and union status in
relation to professional practice.
6. The repertoires of jurisprudence, duly
anonymized.
7. The Public Registries administered by the
National Superintendency of Public Records SUNARP, as well as any other registry or database
qualified as public according to law.
8. The entities of the Public Administration, in
in relation to the information that must be delivered in
application of Law No. 27806, Law of Transparency and
Access to public information.
The provisions of the preceding paragraph do not want
say that all personal data contained in information
administered by entities subject to the Law of
Transparency and Access to Public Information is
considered accessible public information. The evaluation
access to personal data held by entities
of public administration will be done according to the
circumstances of each specific case.

personal data with the content provided by the article
31 of the Law, and registered as provided by articles
89 to 97 of these regulations.
Article 22.- Recipient of personal data.
The recipient of the personal data assumes the condition
as owner of the personal data bank or responsible
of the treatment in relation to the Law and the present
regulation, and you must process the data
personal complying with the provisions of the information
that the issuer gave prior to consent
collected from the owner of personal data.
Article 23.- Formalization of transfers
nationals.
The transfer must be formalized by
mechanisms to demonstrate that the owner of the
personal data bank or data controller
communicated to the recipient responsible the conditions in
those that the owner of the personal data consented to the
treatment of them.
Article 24.- Cross-border data flow
personal.
Cross-border flows of personal data
will be possible when the recipient or importer of the
personal data assumes the same obligations as
correspond to the owner of the personal data bank or
responsible for the treatment that as issuer or exporter
transferred the personal data.
In accordance with article 15 of the Law, in addition
of the assumptions provided in the first and third paragraph of
said article, the provisions of the second paragraph of the same
It also does not apply when it comes to personal data that
derive from a scientific or professional relationship of the owner and
are necessary for its development or fulfillment.

The treatment of personal data obtained from
through publicly accessible sources must respect
the principles established in the Law and in the present
regulation.

Article 25.- Formalization of the cross-border flow
of personal data.
For the purposes of the preceding article, the issuer or
exporter may use contractual clauses or
other legal instruments establishing
at least the same obligations as those
is subject, as well as the conditions in which the
owner consented to the processing of their personal data.

Chapter III
Transfer of personal data
Article 18.- General provisions.
The transfer of personal data implies the
communication of personal data inside or outside the
national territory made to a person other than the owner of
personal data, to the data bank manager
personal or the person in charge of data processing
personal.
It's called the cross-border flow of personal data
to the transfer of personal data outside the territory
national.
Who to whom the personal data is transferred
is obliged, by the mere fact of the transfer, to the
observance of the provisions of the Law and of this
regulation.

Article 26.- Participation of the General Directorate
Protection of Personal Data regarding the flow
cross-border personal data.
The holders of the personal data bank or
data controllers, may request the opinion of
the General Directorate for the Protection of Personal Data
as to whether the cross-border flow of personal data
carried out or carried out complies with the provisions of the Law
and these regulations.
In any case, the cross-border flow of data
personal will be brought to the attention of the Management
General Protection of Personal Data, including
the information required for the transfer of
personal data and data bank registration.

Article 19.- Conditions for the transfer.
Any transfer of personal data requires
the consent of its owner, except for the exceptions
provided for in Article 14 of the Law and must be limited to the
purpose that justifies it.

Chapter IV
Special processing of personal data
Article 27.- Processing of personal data
juvenile.
For the treatment of the personal data of a minor
of age, the consent of the holders of
parental authority or guardians, as appropriate.

Article 20.- Proof of compliance with the
Obligations regarding transfers.
For purposes of demonstrating that the transfer is
carried out in accordance with the provisions of the Law and this
regulation, the burden of proof will fall, on all
cases, in the data sender.

Article 28.- Exceptional consent.
The personal data of
over fourteen and under eighteen with their
consent, provided that the information provided
has been expressed in a language understandable to them,
Except in the cases that the law requires for its granting the
assistance of the holders of parental authority or guardianship.
In no case will the consent for the treatment
of personal data of minors may be granted
to access activities, related to goods or
services that are restricted to adults.

Article 21.- Transfer within a sector or
business group and code of conduct.
In the case of transfers of personal data
within business groups, subsidiaries
affiliated or linked under the common control of the same group
of the owner of the personal data bank or person in charge
of the treatment, or those affiliated or linked to
a parent company or any company of the same
group of the owner of the data bank or person in charge of the
treatment, it is complied with guaranteeing the treatment of
personal data, if there is a code of conduct
that establishes the internal norms for the protection of

Article 29.- Prohibition of compilation.
In no case may it be collected from a minor

Page 6

A Peruvian man

491325

LAWS

Lima, Friday March 22, 2013

age data that allow obtaining information about
other members of your household, such as
are the data related to professional activity
of their parents, financial information, data
sociological or any other, without the consent of
the holders of such data.
Only identity and address data may be collected
of parents or guardians in order to obtain the
consent referred to in article 27 of this
regulation.

Article 35.- Mechanisms for the provision of
personal data processing service by
outsourced technological means.
The service provider must have the
following mechanisms:
1. Publicize changes in your policies
of privacy or in the conditions of service that
lends to the data controller, to obtain
consent if it meant increasing their
processing powers.
2. Allow the controller to limit the
type of processing of personal data on which
provides the service.
3. Establish and maintain security measures
adequate for the protection of personal data
on those who provide the service.
4. Guarantee the deletion of personal data once
once the service provided to the person in charge has concluded
and that the latter has been able to recover them.
5. Prevent access to personal data to those who
do not have access privileges, or in case it is
requested by the competent authority to report that
made to the responsible.

Article 30.- Promotion of protection.
It is the obligation of all bank holders of
personal data and especially of the entities
collaborate with the promotion of knowledge of the
right to protection of children's personal data,
girls and adolescents, as well as the need for
their treatment is carried out with special responsibility and
safety.
Article 31.- Processing of personal data in the
communications and telecommunications sector.
The operators of communications services or
telecommunications have the responsibility to ensure
confidentiality, security, proper use and integrity
of the personal data that they obtain from their subscribers
and users, in the course of their business operations.
In this sense, they will not be able to carry out a treatment of
cited personal data for purposes other than those
authorized by its owner, except court order or mandate
express legal.
Article 32.- Confidentiality and security.
The
operators
from
communications
telecommunications must ensure confidentiality,
security and proper use of any personal data
obtained as a result of their activity and will adopt
technical, legal and organizational measures, in accordance with
to the provisions of the Law and these regulations, without
detriment to the measures established in the regulations of the
communications and telecommunications sector that
do not oppose the provisions of the Law and the present
regulation.
Article 33.- Processing of personal data
by outsourced technological means.
The processing of personal data by means
outsourced technology, among which are
services, applications, infrastructure, among others, is
referred to those, in which the processing is
automatic, without human intervention.
For cases in which the treatment exists
human intervention articles 37 and 38 apply.
The processing of personal data by means
outsourced technology, whether complete or partial, may
be hired by the data controller
personal as long as for the execution of that
compliance with the provisions of the Law is guaranteed and
these regulations.

or

Article 36.- Provision of services or treatment
custom made.
For the purposes of the Law, the delivery of personal data
from the owner of the personal data bank to the person in charge
constitutes transfer of personal data.
The person in charge of the personal data bank
It is forbidden to transfer the data to third parties
personal object of the provision of services of
treatment, unless the owner of the data bank
personnel who commissioned the treatment have
authorized and the owner of the personal data has provided their
consent, in the cases that said consent
is required according to Law.
The term for the conservation of the data will be two
(2) years from the end of the last assignment
done.
The provisions of this article shall be applicable, in
what corresponds, to the subcontracting of the provision
of personal data processing services.
Article 37.- Treatment through
Outsourcing.
The processing of personal data can be carried out
by a third party other than the person in charge of the treatment, to
through an agreement or contract between these two.
For this assumption, it will be required previously
an authorization by the owner of the bank of
personal data or data controller. Bliss
authorization will also be understood to be granted if it was
provided for in the legal instrument by which
formalized the relationship between the data controller
and the person in charge of it. The treatment that the
subcontractor will be performed in the name and on behalf of the
data controller, but the burden of proving the
authorization corresponds to the person in charge of the treatment.
Article 38.- Liability of the third party
outsourced.
The subcontracted natural or legal person assumes the
same obligations that are established for the person in charge
of the treatment in the Law, the present regulation and others
applicable provisions. However, it will assume the
obligations of the owner of the personal data bank or
data controller when:

Article 34.- Criteria to consider for the
processing of personal data by means
outsourced technology.
When processing personal data by
outsourced technological means should be considered
as minimum benefits the following:
1. Report subcontracting with transparency
that involve the information on which the
service.

1. Target or use personal data with a
purpose other than that authorized by the owner of the bank of
data or data controller; or
2. Make a transfer, in breach of the
instructions from the owner of the personal data bank,
even when it is for the conservation of said data.

2. Do not include conditions that authorize or allow the
provider assume ownership of the data banks
personnel treated in outsourcing.
3. Guarantee the confidentiality of the data
personal information on which it provides the service.

Chapter V
Security measures

4. Maintain control, decisions and
responsibility for the process by which
carries out the processing of personal data.

Article 39.- Security for the treatment of the
digital information.
The computer systems that manage banks of
personal data must include in its operation:

5. Guarantee the destruction or the impossibility of
access personal data after completion of the
benefit.

Page 7

A Peruvian man

491326

LAWS

1. Access control to data information
personal including access management from the
registration of a user, management of user privileges
said user, the user's identification in the system,
among which are username-password, use of
digital certificates, tokens, among others, and perform a
periodic verification of assigned privileges,
which must be defined by a procedure
documented to ensure its suitability.
2. Generate and maintain records that provide
evidence about interactions with data
logical, including for traceability purposes,
the information of user accounts with access to the
system, logon and logoff times and actions
relevant. These records must be legible, timely
and have a disposition procedure, among which
the destination of the records is found, once
these are no longer useful, their destruction, transfer,
storage, among others.

Lima, Friday March 22, 2013

Article 44.- Access to documentation.
Access to documentation will be limited
exclusively to authorized personnel.
Mechanisms will be established to identify
the accesses made in the case of documents that
can be used by multiple users.
Access of persons not included in the paragraph
above must be properly recorded
according to the security directives issued by the
Directorate General for the Protection of Personal Data.
Article 45.- Transfer of documentation no
automated.
Whenever the physical transfer of the
documentation contained in a database must
adopt measures aimed at preventing access or
manipulation of the information object of transfer.
Article 46.- Provision of services without access
to personal data.
The person in charge or the person in charge of the information
or treatment will adopt the appropriate measures to
limit staff access to personal data, to the
media containing them or to system resources
information, to carry out work that does not
involve the processing of personal data.
In the case of third-party personnel, the contract
provision of services will expressly collect
the prohibition of accessing personal data and the
obligation of secrecy regarding the data that the staff
could have known on the occasion of the provision of the
service.

Likewise, the measures of
security related to authorized access to
the data through identification procedures and
authentication that guarantee the security of the treatment
of personal data.
Article 40.- Conservation, backup and recovery
of personal data.
The environments in which it is processed, stored or
transmit the information shall be implemented,
with appropriate security controls, taking as
reference the physical security recommendations and
recommended in the “NTP ISO / IEC 17799 EDI.
Information Technology. Good Practice Code
for Information Security Management. " on the
current edition.
Additionally, the
information security backup mechanisms
of the personal database with a procedure
that includes the verification of the integrity of the
data stored in the backup, including when
appropriate, full recovery from a
interruption or damage, guaranteeing return to state
where it was at the time it occurred
disruption or damage.

TITLE IV
Rights of the owner of personal data
Chapter I
General disposition
Article 47.- Personal nature.
The rights of information, access, rectification,
cancellation, opposition and objective treatment of data
personal can only be exercised by the holder of
personal data, without prejudice to the rules that regulate
the representation.

Article 41.- Logical or electronic transfer of
Personal information.
The exchange of personal data from
processing or storage environments to
any destination outside the physical facilities of
the entity will only proceed with the authorization of the owner
of the personal data bank and it will be done using the
means of transport authorized by the same, taking
the necessary measures, including
data encryption, digital signatures, information, checksum
verification, among others, aimed at preventing access
unauthorized, loss or corruption during transit
towards your destination.

Article 48.- Exercise of the rights of the owner of
personal information.
The exercise of one or more of the rights does not
excludes the possibility of exercising any or some of the
others, nor can it be understood as a prerequisite for
the exercise of any of them.
Article 49.- Legitimacy to exercise the
Rights.
The exercise of the rights contained in the present
title is performed:
1. By the owner of personal data, proving their
identity and presenting a copy of the National Document
Identity or equivalent document.
The use of the digital signature in accordance with the regulations
current, replaces the presentation of the National Document
Identity and its copy.
2. Through a legal representative accredited as such.
3. By expressly empowered representative
for the exercise of the right, attaching a copy of
your National Identity Document or document
equivalent, and the title that accredits the representation.
When the owner of the personal data bank is
a public entity, the representation may be accredited
by any means valid in law that leaves evidence
trustworthy, in accordance with article 115 of Law No. 27444,
General Administrative Procedure Law.
4. In the event that the procedure indicated in
Article 51 of these regulations, the accreditation of
the identity of the owner will be subject to the provisions of said
provision.

Article 42.- Storage of documentation
not automated.
The cabinets, filing cabinets or other items in the
that non-automated documents are stored with
personal data must be found in areas where
access is protected with access doors equipped
of opening systems with a key or other device
equivalent. These areas must remain closed
when access to documents is not required
included in the database.
If due to the characteristics of the premises
it was not possible to comply with the provisions of the
previous section, alternative measures will be adopted,
in accordance with the directives of the General Directorate of
Personal data protection.
Article 43.- Copy or reproduction.
The generation of copies or the reproduction of
documents can only be made under the
control of authorized personnel.
The copies must be destroyed
or discarded reproductions in such a way as to avoid
access to the information contained therein or their
later recovery.

Article 50.- Requirements of the application.
The exercise of rights is carried out through
request addressed to the owner of the personal data bank or
responsible for the treatment, which will contain:

Page 8

A Peruvian man

491327

LAWS

Lima, Friday March 22, 2013

1. Names and surnames of the right holder
and accreditation thereof, and where appropriate, their
representative pursuant to the preceding article.
2. Specific request that gives rise to the request.
3. Domicile, or address that can be electronic, to
effects of the corresponding notifications.
4. Date and signature of the applicant.
5. Documents supporting the request, if the
case.
6. Payment of the consideration, in the case of
public entities as long as they have it foreseen in
its procedures dated prior to the effective date of the
these regulations.

owner of the same in the personal data banks
to administer.
The response to the owner of personal data must
refer only to those data that specifically
have been indicated in your application and must be submitted at
clear, legible, understandable and easily accessible form.
In case of being necessary the use of keys
or codes, the meanings shall be provided
corresponding.
It will correspond to the owner of the personal data bank
or data controller proof of compliance
of the duty of response, having to conserve the means
to do it. The aforementioned will apply, as far as
that was pertinent, to prove the realization of the
established in the second paragraph of article 20 of the
Law.

Article 51.- Customer service services.
When the owner of the personal data bank or
responsible for the treatment has services of
any nature for the attention to your audience or the
exercise of claims related to the service
borrowed or products offered, you may also attend the
requests for the exercise of the rights included
in this title through said services, always
that the terms are not greater than those established in the
these regulations.
In this case, the identity of the owner of personal data
is considered accredited by the means established by
the owner of the personal data bank or person in charge
of the treatment for the identification of the former, always
that it is accredited, according to the nature of the
provision of the service or product offered.

Article 55.- Response periods.

Article 52.- Reception and correction of the
petition.
All applications submitted must be received,
recording its receipt by the
owner of the personal data bank or person responsible for the
treatment. In case the request does not comply with
the requirements indicated in the previous article, the owner
of the personal data bank or responsible for your
treatment, within a period of five (5) days, counted from
the day after receipt of the request, formulate
observations for non-compliance that cannot be
saved ex officio, inviting the owner to correct them within
of a maximum term of five (5) days.
After the specified period has elapsed without the
correction will be considered as not submitted the request.
Public entities apply article 126 of the Law
No. 27444, Law of General Administrative Procedure,
on observations to the documentation presented.
Article 53.- Facilities for the exercise of
right.
The owner of the personal data bank or person in charge
of the treatment is obliged to establish a
simple procedure for the exercise of rights.
Without prejudice to the above and independently
of the means or mechanisms that the Law and the present
regulations establish for the exercise of rights
corresponding to the owner of personal data, the owner
of the personal data bank or the person responsible for the
treatment, may offer mechanisms that facilitate the
exercise of such rights for the benefit of the data holder
personal.
For the purposes of the consideration that must be paid
the owner of personal data for the exercise of their
rights before the public administration will be at
provided in the first paragraph of article 26 of the Law.
The exercise by the owner of personal data of
your rights before the personal data banks of
private administration will be free of charge, except as
established in special rules of the matter. In no
If the exercise of these rights will imply income
additional for the owner of the personal data bank or
responsible for the treatment before which they are exercised.
It cannot be established as means for the exercise
of the rights none that implies the collection of a
additional fee to the applicant or any other means that
involve excessive cost.
Article 54.- Form of the answer.
The owner of the personal data bank or person in charge
treatment must respond to the request in the
form and term established in these regulations, with
regardless of whether or not personal data of the

1. The maximum response time from the bank owner
of personal data or person responsible for the treatment before
the exercise of the right to information will be eight (08)
days counted from the day after the presentation
of the corresponding application.
2. The maximum period for the response of the holder of the
personal data bank or data controller
before the exercise of the right of access will be twenty (20)
days counted from the day after the presentation
of the request by the owner of personal data.
If the request was upheld and the bank owner
of personal data or person responsible for the treatment
Please attach the requested information to your response, the
access will be effective within ten (10) days
to that answer.
3. Regarding the exercise of other rights
such as rectification, cancellation or opposition, the
maximum response time from the data bank holder
personal or data controller will be ten (10)
days counted from the day after the presentation
of the corresponding application.
Article 56.- Information request
additional.
In the event that the information provided in the
request is insufficient or erroneous in a way that does not allow
your attention, the owner of the personal data bank may
require within seven (7) days after receipt
the request, additional documentation to the owner of the data
staff to serve her.
Within ten (10) days of receipt of the
requirement, counted from the day after the
receipt thereof, the owner of personal data
will accompany the additional documentation that it deems
relevant to support your request. In case
Otherwise, said request will be considered as not submitted.
Article 57.- Extension of time limits.
Except for the period established for the exercise of
right to information, the corresponding deadlines
for the answer or the attention of the other rights,
may be extended only once, and for an equal period,
at most, as long as the circumstances
justify.
The justification for the extension of the term must
communicate to the owner of the personal data within the term
that is intended to expand.
Article 58.- Application of specific legislation.
When the provisions applicable to certain
personal data banks in accordance with the legislation
that regulate them establish a procedure
specific for the exercise of regulated rights
in this title, the same will be applied in
how much they offer equal or greater guarantees to the holder of
personal data and do not contravene the provisions of the
Law and these regulations.
Article 59.- Partial or total refusal before the
exercise of a right.
The total or partial negative response by
of the owner of the personal data bank or of the person in charge
of the treatment before the request of a right of the holder
of personal data, must be duly justified
and must indicate the right that assists him to

Page 9

A Peruvian man

491328

LAWS

appeal to the General Directorate of Data Protection
Personal claims, under the terms of the
Article 24 of the Law and of these regulations.

Lima, Friday March 22, 2013

The request for rectification must indicate which data
personal concerns, as well as the correction to be
be carried out in them, accompanying the documentation that
support the origin of the requested rectification.

Chapter II
Special provisions

Article 66.- Inclusion.
It is the right of the owner of personal data that, in via
rectification, your data is incorporated into a bank
of personal data, as well as the treatment of their
personal data that missing information is incorporated
that makes it incomplete, omitted or eliminated in view of
its relevance for said treatment .
The inclusion request must indicate which data
personal refers, as well as the incorporation that has
to be carried out in them, accompanying the documentation
that supports the provenance and interest founded for the
same.

Article 60.- Right to information.
The owner of personal data has the right, by way of
access, to be provided with all the information indicated
in article 18 of the Law and numeral 4 of article 12 of the
these regulations.
The response will contain the extremes provided in the
articles cited in the previous paragraph, unless the owner
has requested the information referred only to one of
they.
It will apply to the response to the exercise of the right
to the information, in what is pertinent, what is established in
Articles 62 and 63 of these regulations.
Article 61.- Right of access.
Without prejudice to the provisions of article 19 of the Law,
the owner of the personal data has the right to obtain
of the owner of the personal data bank or person responsible for the
treatment of the information related to your personal data,
as well as all the conditions and generalities of the
treatment of them.
Article 62.- Means to comply with the
right of access .
The information corresponding to the right to
access, at the option of the owner of personal data,
may be provided in writing, by electronic means,
telephone, image or other suitable for this purpose.
The owner of the personal data may choose through
in some or more of the following ways:
1. On-site display.
2. Written, copy, photocopy or facsimile.
3. Electronic transmission of the answer, always
that the identity of the interested party and the
confidentiality, integrity and receipt of information.
4. Any other form or means that is appropriate to the
configuration or material implementation of the database
personal or the nature of the treatment, established
by the owner of the personal data bank or person in charge
of the treatment.

Article 67.- Suppression or cancellation.
The owner of the personal data may request the
deletion or cancellation of your personal data from a
personal data bank when they have stopped
be necessary or relevant for the purpose for which
have been collected, when the term has expired
established for your treatment, when you have revoked your
consent for the treatment and in the other cases
in which they are not being treated in accordance with the Law and
these regulations.
The request for deletion or cancellation may refer
to all the personal data of the owner contained in
a personal data bank or only to some part of
they.
Within the provisions of article 20 of the Law
and numeral 3) of article 2 of these regulations, the
request for deletion implies the cessation of the treatment of
personal data from a blocking of the same
and its subsequent elimination.
Article 68.- Communication of the deletion or
cancellation.
The owner of the personal data bank or person in charge
of the treatment must document before the owner of the
personal data have complied with the request and indicate
transfers of deleted data, identifying
to whom or to whom they were transferred, as well as the
communication of the corresponding deletion.

Whichever way it is used, access must
be in a clear, readable and intelligible format, without using keys
or codes that require mechanical devices to
their adequate understanding and, where appropriate, accompanied
of an explanation. Likewise, access must be in
language accessible to the average knowledge of the population,
of the terms used. Without prejudice to which,
in order to use the media more
available in each case, the person responsible for the
treatment may agree with the owner the use of means of
reproduction of information other than those established
in these regulations.
Article 63.- Content of the information.
The information that on the occasion of the exercise of
right of access is made available to the owner of
personal data, must be comprehensive and understand the
the entire record corresponding to the data holder
personal, even when the requirement only includes
one aspect of such data. The report may not disclose
data belonging to third parties, even when linked
with the interested party.

Article 69.- Inadmissibility of the deletion or
cancellation.
The deletion will not proceed when the personal data
must be preserved for historical reasons,
statistical or scientific in accordance with the legislation
applicable or, where appropriate, in contractual relationships
between the controller and the owner of the personal data,
that justify their treatment.
Article 70.- Protection in case of denial of
deletion or cancellation.
Whenever possible, depending on the nature of the
reasons supporting the denial provided for in paragraph
above, means of dissociation or
anonymization to continue treatment.

Article 64.- Update.
It is the right of the owner of personal data, via
rectification, update those data that have been
modified on the date of exercise of the right.
The update request must indicate which data
personal refers, as well as the modification that has
to be carried out in them, accompanying the documentation that
support the origin of the requested update.

Article 71.- Opposition.
The owner of personal data has the right not to
the processing of your personal data is carried out
or it ceases in the same, when it has not provided
your consent to its collection for having been
taken from a public access source.
Even if he had consented, the
owner of personal data has the right to object
to the processing of your data, if you prove the existence of
well-founded and legitimate reasons relating to a specific
personal situation that justify the exercise of this
right.
In the event that the opposition is justified, the owner
of the personal data bank or responsible for your
treatment must proceed to the cessation of the treatment that
has given rise to opposition.

Article 65.- Rectification.
It is the right of the owner of personal data that
modify the data that turns out to be inaccurate, erroneous
or false.

Article 72.- Right to objective treatment of
personal information.
To guarantee the exercise of the right to treatment
objective in accordance with the provisions of article 23

Page 10

A Peruvian man

491329

LAWS

Lima, Friday March 22, 2013

of the Law, when personal data is processed as part
of a decision-making process without participation
of the owner of the personal data, the owner of the bank of
personal data or data controller must
inform you as soon as possible, without prejudice to the
regulated for the exercise of other rights in the
Law and these regulations.

mainly contain information about banks
of personal data of public or private ownership
and its purpose is to publicize the registration of
said banks in such a way that it is possible to exercise the
rights of access to information, rectification,
cancellation, opposition and others regulated in the Law and the
these regulations.

Chapter III
Guardianship procedure
Article 73.- Direct guardianship procedure.
The exercise of the rights regulated by the Law and
This regulation begins with the request that the
owner of personal data must direct directly
to the owner of the personal data bank or person in charge
of the treatment, according to the characteristics that
regulated in the preceding articles of this title.
The owner of the personal data bank or person in charge
treatment must respond, within the deadlines
provided for in article 55 of these regulations,
expressing what corresponds to each of the extremes
of the request. After the period has elapsed without having received the
response, the applicant may consider his / her
request.
Denial or unsatisfactory response enables
the applicant to initiate the administrative procedure before
the Directorate General for the Protection of Personal Data,
in accordance with article 74 of these regulations.
Article 74.- Trilateral guardianship procedure.
The administrative procedure for guardianship of
rights regulated by the Law and the present regulation,
subject to the provisions of articles 219 to 228 of the Law
No. 27444, Law of General Administrative Procedure
as applicable, and will be resolved by
resolution of the General Director of Data Protection
Personal. Only appeal against this resolution
reconsideration, which, once resolved, exhausts the path
administrative.
To initiate the administrative procedure to which
this article refers to, without prejudice to the requirements
general provisions provided for in these regulations, the owner
of personal data you must submit with your request
guardianship:
1. The application fee that you previously sent to the
owner of the personal data bank or person responsible for the
treatment to obtain from him, directly, the guardianship of
Your rights.
2. The document containing the response of the
owner of the personal data bank or person responsible for the
treatment that, in turn, contains the denial of your
request or response that you consider unsatisfactory,
have received it.
The maximum period in which the request for
guardianship of rights will be thirty (30) days, counted from
the day after receiving the reply from the claimed
or from the expiration of the term to formulate it and may
be extended up to a maximum of thirty (30) days
additional, taking into account the complexity of the case.
The order to carry out the inspection visit suspends
the term foreseen to resolve until the receipt of the
corresponding report.
Article 75.- Inspection visit.
To better resolve, the Directorate may be ordered
of Supervision and Control to carry out a visit of
audit, which will be carried out in accordance with the provisions of
Articles 108 to 114 of these regulations, within
the five (5) days following receipt of the order.
TITLE V

Article 77.- Acts and documents inscribable in
register.
They will be registered in the National Registry of
Protection of Personal Data in accordance with the provisions
in the Law and in this title:
1. The administration's personal data banks
public, with the exceptions provided in the Law and the
these regulations.
2. The administration personal data banks
private, with the exception provided in number 1) of the
Article 3 of the Law.
3. The codes of conduct referred to in the article
31 of the Law.
4. Sanctions, precautionary or corrective measures
imposed by the General Directorate of Data Protection
Personal in accordance with the Law and these regulations.
5. Communications referring to cross-border flow
of personal data.
Anyone can consult the information
referred to in article 34 of the Law and any other
contained in the Registry.
Article 78.- Obligation to register.
Natural or legal persons in the private sector
or public entities that create, modify or cancel
personal data banks are obliged to process the
registration of these acts before the National Registry of
Personal data protection.
Chapter II
Enrollment procedure
Article 79.- Requirements.
The owners of the personal data banks
must register them in the National Protection Registry
of Personal Data by providing the following
information:
1. The name and location of the database
personal, their purposes and intended uses.
2. The identification of the owner of the data bank
personal, and where appropriate, the identification of the person in charge
of the treatment.
3. Types of personal data subject to treatment
in said bank.
4. Obtaining procedures and the system of
treatment of personal data.
5. The technical description of the measures of
safety.
6. Recipients of data transfers
personal.
Article 80.- Models or forms.
The General Directorate of Data Protection
Personal will publish the models by resolution
o electronic forms of creation requests,
modification or cancellation of databases
personal, that allow their presentation through
telematic means or on paper, in accordance with the
procedure established in these regulations.
Electronic models or forms may be
obtain free of charge on the Institutional Portal of the
Ministry of Justice and Human Rights.
Article 81.- Start.
The procedure will begin with the presentation, before
the Directorate of the National Registry of Data Protection
Personal, of the request for creation, modification or
cancellation of the personal data bank made by
its holder or duly accredited representative.
In the case of the registration application, you must
contain the requirements set forth herein
regulation, if any of the requirements are missing, it will be required
that the omission be corrected, in accordance with the provisions of the
next article.

National Protection Registry
Personal Data
Chapter I
General disposition
Article 76.- Registry registration.
The National Data Protection Registry
Personal is the storage unit intended for

Page 11

A Peruvian man

491330

LAWS

Likewise, in the case of the request for modification
or cancellation of a personal data bank, you must
indicate in it the bank's registration code
of personal data in the National Protection Registry
of Personal Data.
In the application, you must declare an address or
address, in order to send notifications regarding
to the respective procedure.

Lima, Friday March 22, 2013

Article 87.- Challenge.
Against the resolution that denies the registration
reconsideration and appeal proceedings proceed,
in accordance with the procedure indicated in Law No. 27444,
General Administrative Procedure Law.

Article 82.- Correction of defects and
archiving.
If the submitted application does not meet the requirements
required by the regulations, the Registry Office
National Protection of Personal Data will require the
applicant that within ten (10) days remedies the
omission. The maximum term has expired, without the interested party
has complied with correcting said omission, the
to the filing of the application.
Article 83.- Registration resolution.
The Director of the Directorate of the National Registry of
Protection of Personal Data will issue the resolution
providing for the registration of the personal data bank,
provided that it complies with the requirements of the Law and
these regulations.
The resolution must state:
1. The code assigned by the Registry.
2. The identification of the personal data bank.
3. The description of the purpose and intended uses.
4. The identification of the owner of the data bank
personal.
5. The category of personal data it contains.
6. Obtaining procedures.
7. The personal data processing system and
the indication of the security measures.

Article 88.- The instances.
The Directorate of the National Protection Registry
of Personal Data constitutes the first instance
for the purposes of attending administrative resources
filed against the denial of registration of a
personal data bank. Will solve the resources of
reconsideration and will raise the appeal to the Directorate
General Protection of Personal Data that will resolve
in last administrative instance by the origin or
inadmissibility of the inscription.
Chapter III
Enrollment procedure
of codes of conduct
Article 89.- Scope of application of the codes
of conduct.
1. The codes of conduct shall be
voluntary.
2. The sectoral codes of conduct
may refer to all or part of the treatments
carried out by the sector, and must be formulated by
representative organizations of the same.
3. The codes of conduct promoted by a company
or business group should refer to all of the
treatments carried out by them.
Article 90.- Content.

Likewise, they will include, where appropriate, the identification
of the person in charge of the treatment where you are
located the personal data bank and the recipients of
personal data and cross-border flow.
Once the personal data bank has been registered in the
National Data Protection Registry, the
decision to the interested party.
The registration of a personal data bank in
the National Data Protection Registry does not exempt
to the holder of the fulfillment of the rest of the obligations
provided for in the Law and these regulations.
Article 84.- Modification or cancellation of banks
of personal data.
The registration of a personal data bank must
stay updated at all times. Any
modification that affects the content of the registration
must be previously communicated to the Directorate of
National Registry of Protection of Personal Data
for your registration.
When the owner of a personal data bank
decide its cancellation, you must notify the Management
of the National Registry of Protection of Personal Data,
for the purpose of proceeding to the cancellation of the registration.
The applicant will specify the destination to be given to the
data or provisions for its destruction.
Article 85.- Duration of the procedure.
The maximum term to issue the resolution about
registration, modification or cancellation will be thirty
(30 days.
If no resolution had been issued within said period
express, it shall be understood as registered, modified or canceled the
personal data bank, for all purposes.
Article 86.- Inadmissibility or denial of the
inscription.
The Director of the Directorate of the National Registry of
Data Protection will issue a resolution denying the
registration when the application does not meet the requirements
provided in the Law and in these regulations or other
provisions issued by the General Directorate of Protection
of Personal Data in accordance with the powers
legal conferred.
The resolution must be duly motivated,
with express indication of the causes that prevent
registration, modification or cancellation.

1. Codes of conduct must be written in
clear and accessible terms.
2. Codes of conduct must be adequate
to the provisions of the Law and include at least the
following aspects:
2.1. The clear and precise delimitation of its scope of
application, the activities to which the code refers and the
treatments subjected to it.
2.2. Specific provisions for the application of
the principles of personal data protection.
2.3. The establishment of homogeneous standards
for compliance by those adhering to the code of the
Obligations established in the Law.
2.4. The establishment of procedures that
facilitate the exercise by those affected of their rights
of information, access, rectification, cancellation and
opposition.
2.5. Determination of national transfers
and international personal data that, where appropriate,
are provided with an indication of the guarantees that must
be adopted.
2.6. Promotion and dissemination actions regarding
protection of personal data aimed at those who process them,
especially in terms of their relationship with those affected.
2.7. The supervisory mechanisms through the
which is guaranteed compliance by adherents of
what is established in the code of conduct.
3. In particular, the code must include:
3.1 Clauses for obtaining consent
of the holders of personal data to the treatment or
transfer of your personal data.
3.2 Clauses to inform the owners of the data
personal data of the treatment, when the data is not
obtained from them.
3.3 Models for the exercise by those affected by
your rights to information, access, rectification,
cancellation and opposition.
3.4 If applicable, model clauses for the
compliance with the formal requirements for the
hiring a person in charge of the treatment.
Article 91.- Beginning of the procedure.
The procedure for registration in the Registry
National Protection of Personal Data of the
codes of conduct will always be initiated at the request of

Page 12

A Peruvian man
Lima, Friday March 22, 2013

491331

LAWS

the entity, body or association promoting the code of
conduct.
The application, in addition to meeting the requirements
legally established, will meet the following requirements
additional:

the initiation of the sanctioning procedure, with
identification of the owner of the personal data bank or
of the data controller and the alleged commission of
acts contrary to the Law and these regulations.

1. Accreditation of the representation that the
person submitting the request.
2. Content of the agreement, agreement or decision by the
that the content is approved in the corresponding field
of the code of conduct presented.
3. In case the code of conduct is appropriate
of a sectoral agreement or a company decision,
The certification referring to the adoption of the

Article 99.- Initiation of the procedure of
oversight.
The inspection procedure always starts from
office as a consequence of:
1. Direct initiative of the Directorate of Supervision and
Control or the General Director of Data Protection
Personal.

agreement and legitimacy of the body that adopted it and copy
of the statutes of the association, sectoral organization or
entity within whose framework the code has been approved.
4. In the case of codes of conduct presented by
associations or organizations of a sectoral nature,
attach documentation regarding its representativeness
in the sector.
5. In the case of codes of conduct based on
company decisions, a description of the
treatments to which it refers.
Article 92.- Correction of defects.
Analyzed the substantive aspects of the code of
conduct, if the contribution of new
documents or the modification of their content, the Directorate
National Registry of Protection of Personal Data
will require the applicant that within ten (10) days
make the necessary modifications.

2. By complaint of any public entity, person
natural or legal.
In both cases, the Supervision Directorate
and Control will require the owner of the data bank
personal, the person in charge or whoever is responsible,
information regarding the processing of personal data
or the necessary documentation. In the case of visits
inspection of the headquarters of public entities
or private where the data banks are located
personnel they administer, the examiners will have
access to them.
Article 100.- Reconduction of the procedure.
In the event that the complaint presented may
be perceived as not addressing the objectives of a
control procedure, but to those of the guardianship of
rights, will be derived to the corresponding procedure.

Article 93.- Procedure.
After the period indicated in the previous article,
the Directorate of the National Registry of Data Protection
Personal will prepare a report on the characteristics
of the draft code of conduct that will be sent to the
Directorate of Regulations and Legal Assistance, so that
report within seven (07) days if you comply with the
required by law and this regulation.

Article 101.- Public faith.
In the exercise of inspection functions, the
staff of the Directorate of Supervision and Control will be
endowed with public faith to verify the veracity of the
facts in relation to the procedures in your charge.

Article 94.- Issuance of the resolution.
Once the provisions of the preceding articles have been fulfilled, the
Director of the Directorate of the National Protection Registry
of Personal Data will issue the resolution providing the
inscription of the code of conduct, provided that it conforms to
the requirements of the Law and these regulations.

1. Name of the complainant and address for purposes
to receive notifications.
2. List of the facts on which you base your complaint
and the supporting documents.
3. Name and address of the accused or, where appropriate,
data for your location.

Article 102.- Requirements of the complaint.
The complaint must indicate the following:

Article 95.- Duration of the procedure.
The maximum term to issue the resolution will be
thirty (30) days, counted from the filing date
of the application before the National Registry Office
Protection of Personal Data. If within that period
the resolution had not been issued, the applicant may
consider your request estimated.
Article 96.- Inadmissibility or denial of the
inscription.
The denial of the registration of the code of
conduct will be resolved by resolution of the Director
of the Directorate of the National Registry for the Protection of
Personal Data, when said request does not comply with
the requirements set forth in the Law, this regulation
and those provisions issued by the General Directorate
Protection of Personal Data, within the framework of its
legal and statutory powers.
Against the resolution that denies the registration
reconsideration and appeal proceedings proceed,
in accordance with the procedure indicated in articles 87 and
88 of these regulations.
Article 97.- Advertising
The National Registry of Protection of Personal Data
publicize the content of the codes of conduct
using electronic or telematic means.
TITLE VI
Infringements and sanctions
Chapter I
Inspection procedure

Article 103.- Form of the complaint.
The complaint may be submitted on physical or
according to the automated standard formats, which are displayed in
the Institutional Portal of the Ministry of Justice and Rights
Humans.
When the complaint is presented by means
electronic devices through the system that establishes the
Directorate General for the Protection of Personal Data,
it will be understood that it is accepted that the notifications are
made by said system or through other means
electronic generated by it, unless a
different medium.
Article 104.- Request for information.
When a complaint is made, the Directorate of
Supervision and Control may request the documentation
that the complainant deems appropriate for the development of the
process.
Article 105.- Development of the inspection.
The inspection procedure will last
maximum of ninety (90) days, this period runs from
the date on which the Directorate of Supervision and Control
receives the complaint or initiates the procedure ex officio
and will conclude with the report that will pronounce on the
existence of elements that support or not, the alleged
commission of offenses provided for in the Law.
The established period may be extended once
and up to a period of forty-five (45) days,
by reasoned decision, taking into account the complexity of
the matter audited and with the knowledge of the Director
General Protection of Personal Data.
Article 106.- Visiting program.
The audit may include various visits to
obtain the necessary elements of conviction, the

Article 98.- Purpose.
The audit procedure will be aimed at
determine if the circumstances that justify

Page 13

A Peruvian man

491332

LAWS

which will be developed with a maximum term of ten
(10) days between each one. After the first visit,
notify a program of visits to the owner of the bank of
personal data or the person in charge or the person in charge of the
treatment and, where appropriate, the complainant.
Article 107.- Personnel identification
inspector.
At the beginning of the visit, the inspection staff must
show valid credential with photograph, issued by
the General Directorate for the Protection of Personal Data
that accredits it as such.
Article 108.- Inspection visits.
The personnel who carry out the inspection visits
must be provided with a reasoned written order with signature
autograph of the official, of which he will leave a copy, with
charge, to the person who attended the visit.
The order must specify the place or places
where the public or private entity or the
natural person to be audited, or where they are
the personal data banks subject to control, the
generic purpose of the visit and the legal provisions that
found it.
Article 109.- Inspection Act.
Inspection visits require the survey
of the corresponding act, which will record
of the actions carried out during the visit of
check. Said act shall be drawn up in the presence of two
witnesses proposed by the person with whom it was understood
the diligence. If he had refused to propose them or not
would have participated the proposed ones, the signature of the
person with whom the diligence or record was understood
of your refusal to sign, if applicable.
The minutes will be prepared in duplicate and signed by
the inspection staff and those who have participated in the
diligence. The minutes may include the statement that the
participants consider that it is appropriate to their right.
One of the originals will be delivered to the audited
of the audit report, the other joining the
acted.
Article 110.- Content of the minutes of
oversight.
The inspection records shall state:
1. Name, denomination or company name of the
audited.
2. Time, day, month and year in which the
oversight.
3. The data that fully identify the place
where the inspection was carried out, such as street, avenue,
passage, number, district, zip code, public entity
or private where the place where it is located is located
practiced the inspection, as well as the telephone number or
another form of communication available with the auditee.
4. Number and date of the inspection order that the
reason.
5. Name and title of the person who attended the
auditors.
6. Name and address of the people who participated
as witnesses.
7. Data and details related to the action.
8. Declaration of the inspected if requested.
9. Name and signature of those who participated in the
audit, including those of those who had it
carried out. If the auditee refuses to sign, his
legal representative or the person who attended the examiner,
This will not affect the validity of the record, and the staff must
examiner to establish the respective reason.
The signature of the auditee will not imply their agreement
with the content, but only your participation and
receipt of it.
Article 111.- Obstruction to inspection.
If the inspected party directly refused to collaborate
or observe obstructive behavior, delaying
unjustifiably
its
collaboration,
unreasonable questions to the audit work,
disregarding the indications of the auditors or
any other similar or equivalent conduct, will be left
constancy in the minutes, with precision of the act or acts

posing

Lima, Friday March 22, 2013

obstructive and of its systematic nature, of being the
case.
Article 112.- Observations in the act of
audit or later.
Notwithstanding that the audited may formulate
observations in the act of inspection and express
what is convenient for you in relation to the facts
contained in the minutes, they may also do so in writing
within the term of five (5) days following the
date on which it was raised.
Article 113.- Report.
The inspection procedure will conclude with
the report issued by the Directorate of Supervision and
Control, in which it will determine on a preliminary basis
the circumstances that justify the establishment of the
sanctioning procedure or the absence of them.
If this is the case, the measures that
the alleged perpetrator must be ordered, on the way
precautionary. The instruction of the sanctioning procedure
It will be carried out in accordance with the provisions of the Law and the
these regulations.
The determination of the presumed responsibility for
acts contrary to what is established in the Law and the present
regulations contained in the Report, will be notified to the
audited and the complainant, if applicable, within a
that will not exceed five (5) days.
Article 114.- Inappropriateness of means of
challenge.
Against the audit report issued
the Directorate of Supervision and Control does not
filing of any appeal, the contradiction of its
content and any form of defense against it
will be enforced in the sanctioning procedure, if
the case.
Chapter II
Penalty procedure
Article 115.- Procedure authorities
sanctioner.
For the purposes of applying the rules on
the sanctioning procedure established in the Law, the
authorities are:
1. The Director of the Sanctions Directorate is the
authority that instructs and resolves, in the first instance,
on the existence of infringement and imposition or not of
sanctions and ancillary obligations tending
to the protection of personal data. In addition,
is competent to lead and develop the phase of
investigation, and is responsible for carrying out the
actions necessary to determine the circumstances
of the commission, or not, of the acts contrary to the established
in the Law and these regulations.
2. The General Director of Data Protection
Personal resolves in the second and last instance the
sanctioning procedure and its decision exhausts the way
administrative.
Article 116.- Beginning of the procedure
sanctioner.
The sanctioning procedure will always be promoted
ex officio, in response to a report from the Directorate of
Supervision and Control that can obey a complaint
on the part or motivated decision of the General Director of
Personal data protection.
Article 117.- Liminal rejection.
The Sanctions Directorate may, through
express and motivated resolution, decide the filing
of the cases that do not merit the initiation of the procedure
sanctioner, notwithstanding the report of the Directorate of
Supervision and control. Against this decision you can appeal
The complainant.
Article 118.- Precautionary and corrective measures.
Once the sanctioning procedure has started, the
Directorate of Sanctions may provide, by act
reasoned, the adoption of provisional measures
that ensure the effectiveness of the final resolution that could
relapse into the aforementioned procedure, with observance

Page 14

A Peruvian man

491333

LAWS

Lima, Friday March 22, 2013

of the applicable norms of Law No. 27444, Law of the
General Administrative Procedure.
Likewise, without prejudice to the administrative sanction
that corresponds to a violation of the provisions
contained in the Law and these regulations,
may dictate, whenever possible, corrective measures
designed to eliminate, prevent or stop the effects of
infractions.
Article 119.- Content of the initiation resolution
of the sanctioning procedure.
1. The Sanctions Directorate notifies the resolution of
initiation of the sanctioning procedure that will contain:
2. The identification of the authority that issues the
notification.
3. The indication of the corresponding file and the
mention of the inspection report, if applicable.
4. The identification of the public or private entity to
who opens the procedure.
5. The decision to open disciplinary proceedings.
6. The account of the antecedents that motivate the beginning of the
sanctioning procedure, which includes the manifestation
of the facts attributed to the company and of the
qualification of the infractions that such facts may
constitute.
7. The sanction or sanctions, which may be
impose.
8. The term to present the defense and evidence.
Article 120.- Presentation of discharges and
tests.
The managed within a maximum period of fifteen (15)
days, counted from the day after notification
corresponding will present its discharge, in which
may specifically pronounce on each
one of the facts that are expressly attributed to him,
affirming them, denying them, pointing out that he ignores them for
not be their own or stating how they occurred, depending on
be the case. You can also present the arguments
by means of which the infringement that is
presume and the corresponding evidence.
In case expert or testimonial evidence is offered,
the facts on which they will relate and will be specified
indicate the names and addresses of the expert or
witnesses, exhibiting the questionnaire or the interrogation
respective in preparation thereof. Without these
requirements such tests will be considered not offered.
Article 121.- Actions for the instruction of
the facts.
After the period of fifteen (15) days for the
presentation of the discharge, with or without it, the Directorate
of Sanctions will carry out ex officio all actions
necessary for the examination of the facts and may order
an inspection visit by the Directorate of
Supervision and Control, if it has not been done before, with
the purpose of collecting the information that is necessary
or relevant to determine, where appropriate, the existence of
offenses subject to sanction.
Article 122.- Closing of the investigation and termination of the
sanctioning procedure.
Once the instructive actions have been concluded, the Directorate of
Sanctions will issue a resolution closing the instructive stage
within fifty (50) days from the start
of the procedure.
Within twenty (20) days after the
notification of the resolution to close the stage
instructive, the Sanctions Directorate must resolve in
First instance.
An oral report may be requested within five (5)
days after notification of the closure resolution
of the instructive stage.
When there is just cause, the Directorate of
Sanctions may be extended once and up to one
equal period, the period of fifty (50) days to which it refers
this article.
The resolution that resolves the procedure
sanctioner will be notified to all intervening parties
in the procedure.
Article 123.- Challenge.
Against the resolution that resolves the procedure

sanctioner, the appeals for reconsideration or
appeal within fifteen (15) days of notification of the
resolution to the administrator.
The appeal for reconsideration will be based on a new
test and will be resolved by the Directorate of Sanctions in
a term that will not exceed thirty (30) days.
The appeal will be resolved by the Director
General Protection of Personal Data, having to
go to the same authority that issued the act that
is challenged, so that it elevates the action. The resource of
The appeal must be resolved within a period of no more than
thirty (30) days.
Chapter III
Sanctions
Article 124.- Determination of the sanction
administrative fine.
Fines are determined based on the Unit
Tax Tax in force on the date it was committed
the offense and when it is not possible to establish such a date,
the one that is in force on the date in which the Directorate
General Protection of Personal Data detected the
infringement.
Article 125.- Graduation of the amount of the sanction
administrative fine.
To graduate the sanction to be imposed, it must be observed
the principle of reasonableness of the sanctioning power
recognized in numeral 3 of article 230 of Law No.
27444, Law of General Administrative Procedure, as well
such as the condition of a sanctioned repeat offender and the conduct
procedural of the offender.
In case the infractions continue, then
if sanctioned, a sanction must be imposed
greater than that previously imposed in accordance with
terms established in numeral 7 of article 230 of
Law No. 27444, Law of Administrative Procedure
General.
Article 126.- Mitigating factors .
Collaboration with the actions of the authority
and the spontaneous recognition of infractions
accompanied by amendment actions will be considered
mitigating. Attending to the opportunity of recognition
and to the amendment formulas, the attenuation will allow
even the motivated reduction of the sanction below
of the range foreseen in the Law.
Article 127.- Delay in the payment of fines.
The manager who does not make the timely payment of the
fines incurs automatic default, consequently the
amount of unpaid fines will accrue default interest
that will be applied daily from the day after the
expiration date of the fine cancellation period
up to and including the payment date, multiplying the amount
of the unpaid fine for the Moratorium Interest Rate (TIM)
current daily. The daily Moratorium Interest Rate (TIM)
current result of dividing the Moratorium Interest Rate
(TIM) valid between thirty (30).
Article 128.- Incentives for the payment of the sanction
fine.
It will be considered that the sanctioned person has complied
with paying the fine if, before the expiration of the
term granted to pay the fine, deposit in the
bank account determined by the General Directorate
Protection of Personal Data sixty per
one hundred (60%) of its amount. For said effect to take effect
benefit must communicate such fact to the Directorate
General Protection of Personal Data, attaching
the corresponding bank deposit voucher.
After this period, the payment will only be accepted by the
full of the fine imposed.
Article 129.- Execution of the fine sanction.
The execution of the fine sanction is governed by the
law of the matter referred to the execution procedure
coercive.
Article 130.- Record of sanctions, measures
precautionary and corrective.
The Directorate of the National Protection Registry
of Personal Data will be in charge of the Registry of

Page 15

A Peruvian man

491334

LAWS

Sanctioned for breach of the Law and this
regulations, the Register of Precautionary Measures and the
Corrective Measures Registry, the same ones that will be
published on the Institutional Portal of the Ministry of
Justice and Human Rights.
Article 131.- Application of periodic penalty payments
In case of breach of accessory obligations
to the sanction of a fine imposed for violation of the Law and
these regulations, the Directorate of Sanctions may
impose periodic penalty payments according to the following
graduation:
1. For breach of accessory obligations to
the sanction of a fine imposed for minor offenses, the
Coercive fine will be from zero point two to two Units
Taxes (0.2 to 2 UIT).
2. For breach of accessory obligations to the
sanction of a fine imposed for serious infractions, the
coercive fine will be from two to six Tax Units
Tax (2 to 6 UIT).
3. For breach of accessory obligations
to the sanction of a fine imposed for very infringements
serious, the coercive fine will be from six to ten Units
Taxes (6 to 10 UIT).
SUPPLEMENTARY PROVISIONS
FINALS
FIRST.- Interoperability between entities
public.
The definition, scope and content of the
interoperability, referred to in the first paragraph
of article 11 of these regulations, as well as the
guidelines for its application and operation in
compliance with data protection regulations
personal, are the responsibility of the National Office
of Electronic Government and Informatics - ONGEI de la
Presidency of the Council of Ministers, in his capacity as
Governing Body of the National Computer System. The
interoperability between entities will be regulated as
to its implementation within the framework of the provisions of
numeral 76.2.2 of subsection 76.2 of article 76 of the
Law No. 27444, Law of Administrative Procedure
General.
SECOND.- Protection of personal data and
competitiveness.
The powers established in the present
regulations are exercised by the National Authority of
Protection of Personal Data, in accordance with
the country's competitiveness policies established by the
corresponding entity.
THIRD.- Protection of personal data and
social programs.
In accordance with the provisions of paragraph 12 of article
33 of the Law, the terms in which the
compliance with the Law and these Regulations with the
norms or policies of transparency and supervision that
govern the administration of linked databases
with Social Programs and the Targeting System
Households will be developed by directive and in
coordination with the Ministry of Development and Inclusion
Social - MIDIS.
SUPPLEMENTARY PROVISIONS
TRANSITORY
FIRST.- Adaptation of data banks
personal.
Within two (2) years of the entry into force
of this regulation, personal data banks
existing, must comply with the provisions of the Law
and these regulations, without prejudice to the registration
referred to in the Fifth Complementary Provision
End of Law No. 29733, Data Protection Law
Personal.
SECOND.- Sanctioning power.
The sanctioning power of the General Directorate of
Protection of Personal Data, in relation to banks
of personal data existing on the date of entry
in force of this regulation, is suspended

Lima, Friday March 22, 2013

until the expiration of the established adaptation period
in the First Transitory Complementary Provision.
THIRD.- Formats.
The General Directorate of Data Protection
Personal will create the necessary standard formats for the
processing of the procedures regulated in the present
regulation within a period not to exceed sixty (60)
days of the entry into force of this regulation.
915561-3

Notary transfers are approved
Public holders of various Districts
Notaries, to temporarily occupy
vacant places
MINISTERIAL RESOLUTION
No. 0079-2013-JUS
Lima, March 21, 2013
SEEN: Report N ° 051-2013-JUS / CN, of the
President of the Council of Notaries, on transfer
temporary of the notary public Mercedes Eugenia Portugal
Montejo, and;
CONSIDERING:
That, the Fifth Complementary Provision
Transitory Law No. 29933 - Law that modifies the
Article 9 of Legislative Decree No. 1049, Decree
Legislative of the Notary Public, on the notarial positions in
the territory of the Republic, establishes that the Ministry
Justice and Human Rights, in attention to the
needs of the population, you can arrange the
temporary transfers of notaries public at the level
national, when there are vacancies and until
are covered by virtue of the national public tender of
merits referred to in the supplementary provision
second transitory of the aforementioned Law; and in case
it is declared deserted, until the
places for regular public competitions;
That, through Supreme Decree No. 020-2012JUS, the Temporary Transfer Regulation was approved
of Notaries at the national level, in accordance with the
Fifth Transitory Complementary Provision of the
Law No. 29933 referred to above, whose article 2, literal b)
states that temporary transfers will be approved
by Ministerial Resolution, with the indication of the notary
public transferred, the district and province of origin, the
destination district and province; adding the literal c)
of the aforementioned article that for the transfer to take place
temporary, there must be the written acceptance of the
respective notary public; limiting in its literal e)
that the notaries public temporarily transferred
maintain a direct relationship with the College of Notaries
originally;
That, numeral 6.1 of Directive No. 001-2013-JUS /
CN on the “Norms and Procedures that regulate the
Temporary Transfer of Notaries ”, approved by Resolution
Ministerial N ° 0063-2013-JUS, provides that the Ministry
of Justice and Human Rights issues the Resolution
Ministerial approving the temporary transfer of the notary
public at the proposal of the President of the Council; in addition
Section 5.6 of the aforementioned Directive provides that the
Notaries Associations of destination of notaries public
temporarily transferred, they must refrain from
intervene, supervise, control or take any action
what hinders the regular exercise of the aforementioned notary
public;
That, through Report No. 035-2013-JUS / CN, of
the President of the Council of Notaries, it was determined the
priority of filling vacant places by transfer
temporary, in response to the needs of the population,
while the National Public Contest of
Merits for Entry to the Notarial Function or the Contest
regular, constituting a total of eighteen (18) places ,
of which nine (09) correspond to the Notarial District
of San Martín;
That, by Ministerial Resolution No. 336-2004-JUS,
of July 20, 2004, the lawyer was appointed

