- AWS
- Security, Identity, and Compliance
Chile Data Privacy
Overview
Chile's Data Protection Law No. 19.628, as substantially amended by Law No. 21.719 (2024) (“Chilean Data Protection Law”), establishes a comprehensive framework for personal data protection and international data transfers. The law creates an autonomous Data Protection Agency (Agencia de Protección de Datos Personales) as the supervisory authority. It takes effect in December 2026 and introduces GDPR-like principles — including legality, purpose limitation, proportionality, transparency, and security — along with significant fines for non-compliance.
AWS takes your privacy and data security seriously. Our infrastructure is custom-built for the cloud, designed to meet the most stringent security requirements in the world, and monitored around the clock to protect the confidentiality, integrity, and availability of your data. The same security experts who run our infrastructure also build and maintain our security services, which can help you meet your own security and regulatory requirements.
AWS implements technical and organizational security measures for its cloud infrastructure under globally recognized security frameworks and certifications, including ISO 27001, ISO 27017, ISO 27018, ISO 27701, PCI DSS Level 1, and SOC 1, 2, and 3. Independent third-party assessors validate these measures, which are designed to prevent unauthorized access to or disclosure of customer content.
ISO 27018, for example, is the first international code of practice focused on protecting personal data in the cloud. It provides guidance on controls for Personally Identifiable Information (PII) processed by public cloud providers, demonstrating that AWS has controls specifically designed to protect your content.
Under the AWS shared responsibility model, you control your content and are responsible for your own compliance with applicable laws, including Chile’s data privacy law and any secondary regulations issued by the Data Protection Agency. AWS provides infrastructure, security controls, tools, and resources to help you implement appropriate measures for your specific needs, including content classification, encryption, access management, and security credentials. You determine how to configure and use these capabilities based on your compliance requirements.
This page supplements AWS’s existing data privacy resources to help you understand how the AWS Shared Responsibility Model applies when you process personal data in AWS infrastructure, including the upcoming AWS South America (Chile) Region.
Note on Secondary Regulation
Law No. 21.719 provides for the Data Protection Agency to issue secondary regulations specifying compliance requirements in more detail, including rules on international transfers, technical safeguards, and enforcement. AWS is monitoring these regulatory developments.
FAQs
Open allYes. All AWS services can be used in compliance with the Chilean Data Protection Law to store and process personal data. AWS provides technical and contractual mechanisms as well as security measures to support your compliance.
- AWS cloud security — security measures that AWS implements and operates
- Customer cloud security — security measures that you implement for your content and applications running on AWS
Under the AWS Shared Responsibility Model, you control the security measures you implement to protect your content, platform, applications, systems, and networks — just as you would in your own data center. You can rely on AWS’s technical and organizational safeguards as a foundation and build on them with your own controls, such as encryption and multi-factor authentication, including through AWS Identity and Access Management.
When evaluating cloud security, it helps to distinguish between two layers:
- Choose where your content is stored, including the type of storage and geographic location
- Control the format of your content — plain text, masked, anonymized, or encrypted — using AWS-provided or third-party encryption
- Manage access controls, including identity and access management and security credentials
- Control network security measures, such as TLS and virtual private cloud (VPC) configurations, to prevent unauthorized access
You own and control your content. You decide which AWS services process, store, and receive it. AWS does not have visibility into your content and does not access it except to provide the services you have selected or as required by law or a binding legal order.
Within the AWS environment, you can:
This gives you full control over your content’s lifecycle on AWS, including classification, access, retention, and deletion.
You choose the AWS Region or Regions where your content is stored. This lets you meet specific geographic requirements for your workloads. For example, a customer that wants to store data only in Australia can choose to use exclusively the AWS Asia Pacific (Sydney) Region. See the AWS Regions webpage for other storage options.
You can replicate and back up content across multiple Regions. AWS will not transfer or replicate your content outside your chosen Regions without your consent, except as required by law or a binding government order. Note that not all AWS services are available in every Region. See the AWS regional services page for details.
AWS data centers are organized into geographic groups called Regions. Each Region consists of multiple Availability Zones. See the AWS Global Infrastructure page for a full list.
AWS’s approach to data center security uses multiple layers of controls. We manage risks from natural events such as floods and earthquakes, and we use physical barriers, security guards, and threat detection technology to control access. Our systems are backed up regularly, equipment and processes are tested frequently, and our employees are continuously trained to respond to the unexpected.
External auditors test more than 2,600 standards and requirements each year to validate our security. As a result, some of the world’s most regulated organizations trust AWS to protect their data.
Learn more by taking a virtual tour of an AWS data center.
You can use any AWS Region, or a combination of Regions, including those in Brazil and the United States. AWS has also announced the upcoming AWS South America (Chile) Region, expected to be operational by the second half of 2026, which will offer local data residency options. Visit the AWS Global Infrastructure page for the latest availability information.