Last review date: 30 December 2024
☒ omnibus – all personal data
☒ sector-specific — e.g., financial institutions, governmental bodies
Last review date: 30 December 2024
- Law N° 18,331 (Law on the Protection of Personal Data and Habeas Data Action) and its Regulating Decree N° 414/009
- Law N° 19,670 (Accountability Act and Balancing of Budget Execution of the Exercise 2017) and its Regulating Decree N° 64/020
Last review date: 30 December 2024
There are no specific cybersecurity laws or regulations that are applicable to private entities. Data Protection Law 18,331 and its complementary regulations contain some sections in this regard. On the other hand, there are some provisions that apply to public entities.
- Law 20.327 on cybercrimes establishes a regulatory framework for crimes committed in the digital environment. https://www.impo.com.uy/bases/leyes-originales/20327-2024
Last review date: 30 December 2024
There are no specific laws or regulations regarding non-personal data.
The Agency for the Development of Electronic Government and the Information-Based Society (AGESIC by its acronym in Spanish), published the "National Data Strategy 2030" on 26 December 2024.
The guidelines aim to promote the availability and strategic use of data as an asset for evidence-based decision-making, innovation for the benefit of the entire society, inclusive economic growth, and the strengthening of the pillars of democracy. It leverages on data to increase transparency, accountability, citizen participation, and efficiency in the provision of public services while respecting the protection of personal data.