By Ab. Denisse Unda
Head of the Compliance and Personal Data Protection Department
Dear friends and clients:
Today, in a crucial event for privacy and data protection in our country, the three candidates to head the Personal Data Protection Control Authority shared their proposals and visions at the meeting of the Citizen Participation Council.
The election of one of these candidates as Superintendent will not only determine the future direction of personal data protection in the country, but also Ecuador's commitment to international standards of privacy and information security.
We offer a brief summary of the highlights of each candidate:
Fabrizio Peralta Díaz
Focus on awareness and education
Prioritizes awareness and education on data protection laws.
Proposes random inspections and international cooperation to strengthen data protection.
Emphasizes the importance of promoting preventive measures before exercising sanctioning powers.
María Paulina Casares Subía
Structure & Repair
Emphasizes the technical and organizational structure of the Superintendency.
Seeks to empower the data owner to prevent non-compliance.
Focuses on remediation as the main line of management, promoting social control and inter-institutional cooperation.
Luis Fernando Enríquez Álvarez
Security and Risk Management
Emphasizes the inseparability of data protection and information security.
Proposes a proactive and preventive vision based on risk management, emphasizing that the DPA is a technical entity.
Suggests the development of its own personal data processing impact assessment (PIA) software and the implementation of data protection management systems.
Emphasizes the importance of return on investment in cybersecurity and reducing the discretionary nature of the Superintendency's decisions through the use of intelligent and metric systems.
The Citizen Participation Council has 24 hours to elect a new privacy leader, which will affect both legal regulations and everyone's privacy management.
Budgetary challenge:
Given the crucial appointment of the new Superintendent of Personal Data Protection, one aspect that creates uncertainty and challenges is the estimation of the budget required for the establishment and optimal functioning of this entity.
Given the complexity and breadth of responsibilities that will fall to the Superintendency, from monitoring and enforcing regulations, to promoting citizen awareness, to developing systems and technologies for proper information management and compliance with data protection principles, it is difficult to accurately anticipate the financial resources that will be required. In this context, the allocation of the State budget becomes a critical factor that will determine the ability of the supervisory authority to carry out its mandate promptly and effectively.
The appointment of the Data Protection Commissioner poses the challenge of estimating the budget necessary for its effective operation, given its wide range of responsibilities, from oversight to technology development. Funding will be key to its effectiveness.
We will work diligently to inform you of the outcome of this designation and to assist you in your privacy compliance efforts as a company committed to privacy excellence and compliance.
