Data Protection and Privacy

Companies operating in Ecuador require practical data protection frameworks that comply with the LOPDP while remaining workable for day-to-day business operations.

We advise companies across different industries, particularly those operating in regulated environments or handling large volumes of personal data. Our work covers the full lifecycle of privacy compliance, from initial assessments and governance design to ongoing supervision through external Data Protection Officer (DPO) services.

What Sets Us Apart

Our approach focuses on operationalizing privacy compliance, reducing regulatory risk, and ensuring that personal data is handled responsibly throughout organizational processes tailored to business realities.

We design and implement data protection governance frameworks, act as external DPO for organisations that require ongoing oversight, and help multinational companies adapt global privacy policies to comply with Ecuador’s LOPDP.

Privacy Compliance & Governance

Implementation of personal data protection compliance systems under the Ecuadorian Organic Law on Personal Data Protection (LOPDP).
Design of privacy governance frameworks, including policies, procedures, and internal controls.
Drafting of privacy notices, contractual clauses, consent mechanisms, and internal documentation.
Implementation of training programmes and internal awareness initiatives for employees and management.

Our Team Leader

Denisse Unda, Attorney, LL.M.

Head of Compliance and Personal Data Protection Department

Génesis Landy Soria, Attorney, LL.M.

Deputy Head of Compliance and Personal Data Protection Department

Why Clients Work With Us

Turning compliance into operational certainty

We help companies build data protection frameworks that are practical, risk-based, and aligned with their day-to-day operations, allowing them to comply with Ecuadorian law without disrupting business continuity.

Protecting sensitive data and business reputation

Our team supports companies in identifying and mitigating legal, operational, and reputational risks arising from the processing of personal data, particularly in sensitive or highly regulated environments.

Ongoing privacy governance and strategic support

We advise clients not only on implementation, but also on the continuous management of their privacy obligations, including internal controls, documentation, third-party relationships, and response strategies before supervisory authorities.

Success Stories

Multinational pharmaceutical company

Implementation of a comprehensive data protection compliance system

We advised the Ecuadorian affiliate of a global pharmaceutical group on implementing a data protection compliance framework for the management of patient and healthcare professional information in medical and regulatory activities.
Result: implementation of a data governance model aligned with Ecuadorian data protection law and international standards in the pharmaceutical sector.

Specialized healthcare provider

Secure management of medical records and sensitive patient data

We advised a specialized medical center on implementing data protection protocols for the management of medical records and the ongoing processing of sensitive patient information.
Result: strengthened confidentiality safeguards and improved regulatory compliance in the handling of clinical data.

The Legal 500

The practice stands out for having a highly trained and experienced team in various fields of law, which allows them to offer personalised solutions to their clients. In addition, its commitment to excellence in client service is one of its main strengths.