Law 21.719 specialists · Chile

We implement Chile's
Law 21.719 end to end.

Diagnosis, legal counsel, operations, technology and ongoing support so your organization is ready for the December 2026 enforcement. We don't just explain the law — we leave it implemented.

Request assessment See the implementation plan

Part of Alaya Digital Solutions · 20+ years · Team 100% in Chile

20+ Years of experience
5 Stages · our methodology
100% Team based in Chile
Track record

Compliance experience,
focused on the Chilean market.

Over 20 years advising large organizations in Chile since 2005, with a team based in Chile, up to date with the local regulatory framework.

100%
Chile

Team based in Chile

We're no one's branch office. We know the Chilean regulatory reality and support your team on the ground, not remotely.

20+

20+ years of experience

Part of Alaya Digital Solutions, advising large organizations since 2005.

Banking & retail

We support banking, retail and other regulated-sector organizations in their Law 21.719 compliance process.

Complex projects

Experience in complex governance, security and digital transformation projects for leading clients.

Organizations that have trusted Alaya Digital Solutions

Banking, mining, retail and public sector.

Regulatory context

Data protection in Chile:
Law 21.719 now has a date.

The Personal Data Protection Agency begins enforcement on December 1, 2026, with fines up to 20,000 UTM for the most serious infringements. Getting compliant takes 1 to 6 months: the time to prepare is now.

Learn about the law
Dec 1 2026 Enforcement begins
20k UTM Maximum fine
5 rights ARSOP for data subjects
30 days Response window
What we implement

Concrete compliance deliverables,
not just recommendations.

We're already implementing Law 21.719 in banking and retail organizations in Chile. We combine over 20 years of experience in complex projects with our own methodology for diagnosis, prioritization, plan, execution and ongoing operation. These are the components we leave up and running inside your organization.

Data inventory & records

Records of processing activities (RoPA): which data you process, for what purpose and on what basis.

Lawful bases

We define and document the legal basis for every personal-data processing activity.

ARSOP rights management

Processes to handle access, rectification, erasure, objection and portability within deadline.

Breach notification

A procedure to detect, contain and notify incidents to the Agency and to data subjects.

Contracts with processors & third parties

Processing clauses and contracts (DPAs) with vendors and third parties that access data.

Impact assessments

Data protection impact assessments (DPIAs) for high-risk processing, when applicable.

Training & internal governance

Roles, internal policies and team training to sustain compliance over time.

Policies & documentation

Privacy notices, policies and evidence organized and ready for an audit.

Some of the organizations that have trusted Alaya Digital Solutions

Implementation methodology

Law 21.719 compliance:
a clear method from diagnosis to ongoing operation.

Five ordered stages to move from "I don't know where to start" to compliance that is operating and sustainable.

  1. 01

    Diagnosis

    We assess processing activities, risks and gaps against Law 21.719.

    Starting point
  2. 02

    Gap prioritization

    We rank findings by regulatory risk and business impact.

    Focus
  3. 03

    Compliance plan

    We design the adaptation plan with owners, deliverables and timelines.

    Roadmap
  4. 04

    Execution

    We put contracts, policies and processes into motion and enable the technology (OneTrust or our solution for SMEs).

    Implementation
  5. 05

    Ongoing operation

    We operate, monitor and support you in the event of an audit.

    Long term
Solutions

A compliance path
for every organization.

The same rigor, with the scope each organization needs. Choose based on the size and complexity of your operation.

SME & mid-market

Guided, practical compliance

Fast, supported implementation

A direct path to get compliant without friction or unnecessary complexity.

  • Diagnosis and prioritized plan
  • Ready-to-use documentation and policies
  • ARSOP rights management
  • Team training
  • Support throughout the process

For companies that need to comply quickly and well, without complexity.

Enterprise

Integral implementation with governance and technology

Comprehensive end-to-end compliance

Data governance, automation and integration for regulated, high-volume environments.

  • Data governance and operating model
  • Process flows and automation
  • Integration with your systems
  • OneTrust platform, world leader
  • Dedicated team and support

For banking, retail, mining and public sector in regulated environments.

Why AlayIAtrust

Not a single piece.
The complete implementation.

The market offers parts. We take ownership of Law 21.719 compliance from start to finish, with a single team.

  • We're not just software.
  • We're not just lawyers.
  • We're not just consulting.
We are

End-to-end implementation of Law 21.719 in Chile: legal, operations, technology and ongoing support in a single team.

Technology & alliances

We work with leading privacy and data-management platforms, such as OneTrust.

Cases & experience

We know how to implement
in the Chilean reality.

We combine local experience in regulated sectors with platforms of international standing.

Banking & financial services

Support in compliance and data governance for banking and financial services.

Retail

Retail & consumer

Data protection in high-volume operations with direct customer contact.

Mining

Mining & industry

Personal data of workers and contractors in industrial environments.

Public

Public sector

Processing of citizens' data with a focus on traceability and transparency.

We implement OneTrust, the privacy platform used by large organizations worldwide.

View OneTrust international cases →
Resources to implement

Guides to prepare
your compliance.

See the full blog
Frequently asked questions

What we get
asked most.

Who does Law 21.719 apply to?

Any organization that processes personal data of people in Chile, public or private, regardless of size or where it is incorporated. If you register customers, employees or users, the law applies to you.

How long does implementation take?

Between 1 and 6 months, depending on the size and maturity of your organization. Since enforcement begins in December 2026, it's best to start early to be ready in time.

What does the assessment include?

A 30-minute meeting to evaluate your situation. We then deliver a report with the gaps detected against Law 21.719 and a prioritized adaptation plan. No obligation.

What if I already have policies or tools?

We build on them. We start from what you already have, identify what's missing against the law, and complete your compliance without redoing what already works.

Do you work with SMEs and enterprise?

Yes. We have a guided solution for SMEs and mid-market, and an integral implementation with OneTrust for enterprise companies in banking, retail, mining and public sector.

What can the Agency audit?

The Personal Data Protection Agency can review your lawful bases, your records of processing activities, the handling of ARSOP rights, breach management and your compliance documentation.

Next step

Book a Law 21.719
assessment.

In 30 minutes we identify your readiness level and the next steps to be ready for enforcement. No obligation.

We reply within 24 business hours · No obligation

Or reach us directly: +56 9 6629 1149 comercial@alayiatrust.com