Chile

● Chile established Law 19,628 On the Protection of Private Life in 1999. It is the only law governing personal data protection in Chile at present.

● Chile introduced Bill 11,144-07 on March 25, 2017. The bill established detailed regulations of major issues such as cross-border transfer of personal data and establishment of a supervisory authority for personal data protection, aiming to greatly improve the personal data protection level of Chile. However, the bill has not yet come into force and is still in discussion.

● In addition to the preceding legal provisions, other regulations regarding personal data protection are scattered throughout Chile's criminal and civil laws, which, together with Law No. 19,628, constitute the legal and regulatory system on personal data protection.

Legal compliance is critical for business operations. We share our experience and our best practices with personal data protection to help you achieve compliance with security regulations faster.

The Financial Markets Committee (CMF) has issued a series of guidelines and announcements to promote the healthy development of financial markets. The main regulatory guidelines and circulars are as follows:

1. RAN20-7 Outsourcing of Services: This section sets out requirements on how to manage outsourced services that financial institutions consider as part of their general operational risk assessment and management processes, and the risk management of physical services outsourcing is reviewed by the Chilean Financial Market Commission
2. RAN20-8 Operational Incident Information: The chapter requires financial institutions to submit information to the regulatory authorities in the event of a business incident, to provide appropriate information to customers in specific incidents, and to the responsibility of banks to share information about cybersecurity-related attacks.
3. RAN20-9 Business Continuity Management: This chapter sets out minimum guidelines for the business continuity management of banking companies, which will be taken into account in the management assessment of the supervisory authority.
4. RAN20-10 Information Security and Cybersecurity Management: This chapter includes provisions based on good practice, which should be considered as minimum guidelines to be followed by entities with regard to information security and cybersecurity management, and will form part of the Financial Markets Committee's management assessment of banks in the area of operational risk.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Chile describes how Huawei Cloud can help you meet the regulatory requirements of the financial industry in Chile.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.