The rights to privacy and to data protection are inherent to all humans and are thus protected by Article 72 of the Uruguayan Constitution, which has now been developed by the new Data Protection Act.
One of the main aspects addressed by the new law is the set of basic principles with which data controllers, whether public or private entities, must comply. These principles are as follows:
- Legality;
- Truthfulness;
- Purpose;
- Previous informed consent;
- Data security;
- Reserve;
- Liability.
The aforementioned principles, which are set out in the Law, will make it possible to settle disputes that may arise in the application of data protection provisions.
Other prominent issues include the creation of a supervisory body in charge of monitoring compliance with the new Law, which shall be known as the Personal Data Regulatory and Supervisory Unit (Unidad Reguladora y de Control de Datos Personales), which, despite being under the supervision of the Agency for Governance of Electronic Management and Information Society (Agencia para el Desarrollo del Gobierno de Gestión Electrónica y la Sociedad de la Información, AGESIC), will act as an independent body with full technical capacity.
Finally, it must be noted that the Law foresees a procedure known as “Habeas Data”, which may be commenced by data subjects against public or private data controllers. This procedure is similar to the procedure for protection of rights (Tutela de Derechos), the only difference being that the competent body is a Judicial Court and not an Administrative body.