Costa Rica Privacy

What are Costa Rica’s data privacy regulations ?

The main data privacy regulations in Costa Rica are two laws. The first law is Law No. 7975, the Undisclosed Information Law, which makes it a crime to disclose confidential and/or personal information without authorization. The second law is Law No. 8968, Protection in the Handling of the Personal Data of Individuals together with its by-laws. They were enacted to regulate the activities of companies that administer databases containing personal information. Therefore, the scope of the second law is limited. 

The Costa Rican Congress is currently discussing a bill, which would fully amend the laws currently in effect. The proposed bill aims to update the laws and align its provisions to the principles contained in the EU General Data Protection Regulation (GDPR). It is still unclear when and if the proposed bill will be enacted. 

This solution will provide your organisation guidance on how to gain and maintain compliance with the Costa Rican data privacy laws. In order to also receive guidance on the GDPR, we recommend that you make use of this Costa Rican data privacy laws solution in combination with the GDPR solution.