We invite you to read the opinion piece by our Compliance Group Director, Yoab Bitran, and senior associate at az Tech, Antonia Nudman, on personal data and the challenge of aligning legal compliance and technology.
The entry into force of Chile’s new Personal Data Protection Law will mark a significant shift in how companies manage information. However, beyond the regulatory adjustments introduced by the law, the true challenge for organizations in 2026 will be different: ensuring that legal compliance and technological implementation advance in a coordinated manner.
In many companies, regulatory compliance projects are typically handled primarily by the legal or compliance departments. This is understandable: these departments are the ones that interpret the regulations, define obligations, and draft internal policies. However, when it comes to data protection, this approach is incomplete if it is not closely coordinated with the technology departments.
The reason is simple. While the legal department defines what the law requires—for example, processing principles, legal bases, information obligations, or security measures—it is the technology departments that must translate those requirements into concrete practices within the organization’s systems, platforms, and processes. In other words, legal compliance necessarily requires technical implementation to be effective.
This becomes particularly evident in areas such as database access management, the traceability of processing operations, the implementation of security measures, incident management, and the secure deletion of information. All these elements are part of regulatory compliance, but their execution depends largely on the company’s technological architecture.
Therefore, one of the main challenges for organizations in this new landscape will be to bridge the gap between these two worlds. Data protection compliance cannot be merely a documentary exercise, nor can it be exclusively technological: it requires ongoing coordination between those who interpret the law and those who design and implement the systems.
In this context, the role of the advisor is also evolving. It is no longer sufficient to provide a legal interpretation of the law or to draft compliance policies and documents. Effective implementation requires addressing the process from both dimensions: the regulatory and the technical. In this regard, the advisor must have a solid legal perspective and, ideally, also possess knowledge of information security that enables them to engage with the organization’s technology teams. Only in this way is it possible to adequately support the implementation process, addressing it both from a regulatory perspective (theory) and from the operational reality of the systems (practice).
Precisely for this reason, it is increasingly common for external advisory teams to incorporate interdisciplinary profiles, including engineers or information security specialists who can approach implementation from a comprehensive perspective and facilitate coordination between an organization’s legal and technology departments.
Ultimately, the new regulation presents a challenge that is both organizational and technical. Companies that successfully integrate the work of their legal and technology departments will not only be better prepared to comply with the law but also to responsibly manage one of the most sensitive resources in the digital economy: people’s personal information.
Column written by:
Yoab Bitran | Compliance Group Dircetor | ybitran@az.cl
Antonia Nudman | Senior Associate az Tech | anudman@az.cl
