Peru’s updated data protection framework now requires many companies to appoint a Data Protection Officer (DPO) under the revamped Personal Data Protection Law (Law No. 29733) and its implementing rules. The DPO must oversee compliance, advise on privacy obligations, and act as the liaison with Peru’s data authority. The requirement applies progressively based on sales volume and the type of data processed. Practical challenges include qualification standards, appointment procedures, internal liability risks, and ensuring availability for regulatory contact, especially for multinational firms.
