BritCham Chile addressed the role of technology in data protection under the new legislation
August 27 ,2025
August 27 ,2025
Santiago, August 27, 2025.
The Chilean-British Chamber of Commerce (BritCham Chile), through its Technology, Innovation and Sciences Committee together with the Legal Committee, convened a diverse group of experts and business representatives to analyze one of the most critical issues of the year: the upcoming enforcement of the Chilean Data Protection Law.
The discussion, entitled “The Role of Technology in Data Protection: An Unavoidable Need in Chile”, took place in a context where information security has become a key factor for competitiveness, corporate sustainability, and citizen trust. The session addressed both regulatory changes and the practical responses companies of different sizes and sectors are implementing to anticipate the new standards.
The new law represents a turning point for data management in Chile. Inspired by international frameworks such as the European Union’s General Data Protection Regulation (GDPR), this national regulation introduces principles of accountability, heavy financial penalties, and compliance obligations that go beyond the legal sphere, directly impacting technological, strategic, and operational decision-making.
It is a framework that completely redefines how privacy and personal data management are understood. Good intentions are no longer sufficient; companies must now provide evidence, documented processes, and internal governance capable of demonstrating compliance at every stage.
The challenge is even greater for small and medium-sized enterprises, which until now operated under less demanding standards but must now prove their ability to implement controls, maintain data processing records, and respond to audits or inspections.
One of the main points of consensus was that technology, far from being merely a source of risk, is the primary tool for achieving compliance and strengthening security. Solutions such as data encryption, access management systems, intelligent firewalls, advanced monitoring tools, and ongoing cybersecurity training were highlighted as indispensable pillars of modern risk management.
However, technology alone is not enough. Its effectiveness depends on organizational culture and the commitment of all company areas, from boards of directors to operational teams. Participants stressed the importance of building a common language between legal, technological, and management teams—overcoming the traditional barriers that separate those who design privacy policies from those who implement platforms or protect critical systems.
The panel showcased experiences from industries as diverse as healthcare, automotive, and technology services. Each faces unique challenges, yet all share the urgency of rethinking strategies in light of the new law.
In healthcare, for instance, a cyberattack can have lethal consequences by compromising vital medical systems or connected devices. Here, data security equals patient safety. In the automotive industry, personal data management is linked to international contracts, distribution licenses, and global compliance requirements that determine the viability of multimillion-dollar businesses.
In technology services, the debate centered on how to help SMEs adopt cost-effective tools that enable compliance without overwhelming their budgets.
Another key theme was the role of documented evidence as an essential requirement for compliance. Because the new law is based on accountability, it is not enough to claim compliance: companies must prove it to the authorities with written protocols, activity logs, reports, and updated documentation.
This principle turns information management into a cross-cutting practice involving legal, IT, auditing, risk management, and corporate communication teams. Participants also emphasized that how a company responds to a breach or crisis can be as decisive as the incident itself, since it directly impacts reputation and market confidence.
Artificial intelligence (AI) was discussed as one of the most pressing new challenges. Generative AI tools, increasingly used in drafting, data analysis, and customer service, raise critical questions about the handling of personal information entered into such platforms.
The panel agreed that AI governance must be explicit and proactive. “Privacy and security by design” policies, human validation of critical decisions, and responsible-use protocols are now considered essential practices to avoid data leaks, biases, or high-impact errors.
Some companies already require that all technological projects—including AI initiatives—be assessed under privacy policies before implementation, reinforcing the principle that data protection must be embedded from the outset of every development.
Another theme was the perception of compliance as a cost versus its potential as a strategic investment. Frequently, security and privacy projects must compete for budgets against initiatives that appear more directly tied to business growth, such as market expansion or infrastructure upgrades.
However, the consensus was clear: investment in data protection brings tangible value by positioning companies as trusted players in global markets. International certifications, robust compliance processes, and contractual guarantees for clients and partners become significant differentiators.
As Ángel Anguita, Partner and CTO of Anguita Osorio, stated:
“Data protection must be seen as a competitive advantage, not only as a regulatory obligation”.
Beyond financial penalties, reputational damage was identified as the greatest risk for organizations. International cases show that mishandling an incident can result in the loss of trust, drops in share value, and long-term damage to corporate image.
Conversely, companies that manage crises transparently—with clear communication and effective contingency plans—have shown they can recover trust quickly and even strengthen their reputations.
In Chile, where citizens are increasingly attentive to how their personal data is managed, privacy protection is becoming a decisive factor in building trust between businesses, consumers, and communities.
Another significant part of the discussion focused on how the new law will impact small and medium-sized enterprises. While these businesses have fewer resources, they are not exempt from compliance obligations.
For SMEs, the key will be leveraging accessible solutions—from open-source tools to outsourced compliance services—that allow them to take concrete steps without undermining their operations. Mapping data, designating internal responsibilities, training staff, and adopting basic protocols were identified as immediate priorities.
The discussion concluded with a shared understanding: Chile is moving toward a new corporate culture regarding data protection. This shift goes beyond compliance with authorities; it means integrating privacy and security into corporate strategy, customer relationships, and organizational identity.
Evidence, transparency, responsible use of new technologies, and viewing privacy as a strategic asset were highlighted as the pillars of success in this new environment.
As José Jasinski Díaz, Data Protection Officer at Inchcape Americas, summarized:
“Privacy can become an asset for the company. It’s not just about avoiding fines; it’s also about opening doors in markets that demand high standards”.
The enforcement of Chile’s Data Protection Law not only requires companies to review internal processes but also redefines how data is managed and valued. Technology emerges as the main tool for compliance, but its effectiveness will depend on organizations’ ability to foster culture, generate evidence, and build trust.
By convening this dialogue, BritCham Chile underscored that the real question is no longer if companies should invest in data protection, but how and when they will do it to ensure that investment becomes a source of competitive and reputational advantage.
As Jocelyn Arteaga, CISO of BUPA Chile, noted:
“In healthcare, a cyberattack is not only about financial losses—it can cost lives. That is why internal awareness and training are essential”.
Data protection is no longer the exclusive domain of lawyers or IT specialists. It has become a transversal, strategic, and permanent responsibility. In Chile’s new landscape, protecting personal information means protecting trust, competitiveness, and the very future of organizations.
