Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP
Costa Rica's Law for the Protection of Persons Regarding the Processing of Their Personal Data (Law No. 8968 of 2011), as amended by Executive Decree No. 42089-MGP (2023), establishes a comprehensive data protection framework. The Data Protection Agency (Agencia de Protección de Datos, APD) oversees and enforces compliance, issues guidelines, and handles complaints.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
CR Ley 8968: Datos Sensibles, Seguridad y Confidencialidad
| Code | Title |
|---|---|
| CR-8968-Art.10 | Seguridad de los datos |
| CR-8968-Art.11 | Deber de confidencialidad |
| CR-8968-Art.12 | Protocolos de actuacion |
| CR-8968-Art.13 | Garantias efectivas |
| CR-8968-Art.9 | Categorias particulares de los datos (datos sensibles) |
CR Ley 8968: Denuncias, Procedimiento y Regimen Sancionatorio
| Code | Title |
|---|---|
| CR-8968-Art.24 | Denuncia |
| CR-8968-Art.25 | Tramite de las denuncias |
| CR-8968-Art.27 | Procedimiento sancionatorio |
| CR-8968-Art.28 | Sanciones (multas) |
| CR-8968-Art.29-31 | Tipificacion de faltas (leves, graves, gravisimas) |
| CR-8968-Art.33 | Canon por regulacion y administracion de bases de datos |
CR Ley 8968: Derechos del Titular (ARCO)
| Code | Title |
|---|---|
| CR-8968-Art.7 | Derechos de acceso, rectificacion, supresion y cesion (ARCO) |
| CR-8968-Art.8 | Excepciones a la autodeterminacion informativa |
CR Ley 8968: Disposiciones Generales y Ambito
| Code | Title |
|---|---|
| CR-8968-Art.1 | Objetivo y fin (autodeterminacion informativa) |
| CR-8968-Art.2 | Ambito de aplicacion |
| CR-8968-Art.3 | Definiciones |
CR Ley 8968: PRODHAB y Registro de Bases de Datos
| Code | Title |
|---|---|
| CR-8968-Art.15 | Agencia de Proteccion de Datos de los Habitantes (Prodhab) |
| CR-8968-Art.16 | Atribuciones de la Prodhab |
| CR-8968-Art.21 | Registro de archivos y bases de datos |
| CR-8968-Art.22 | Divulgacion del registro |
CR Ley 8968: Principios y Consentimiento
| Code | Title |
|---|---|
| CR-8968-Art.4 | Principio de autodeterminacion informativa |
| CR-8968-Art.5 | Principio de consentimiento informado |
| CR-8968-Art.6 | Principio de calidad de la informacion |
CR Ley 8968: Transferencia Internacional de Datos
| Code | Title |
|---|---|
| CR-8968-Art.14 | Transferencia de datos personales (regla general) |
Maps to 2 other frameworks
Frequently Asked Questions
What is Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP?
Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP is a compliance framework from Costa Rica with 7 domains and 24 controls. Costa Rica's Law for the Protection of Persons Regarding the Processing of Their Personal Data (Law No. 8968 of 2011), as amended by Executive Decree No. 42089-MGP (2023), establishes a comprehensive data protection framework. The Data Protection Agency (Agencia de Protección de Datos, APD) oversees and enforces compliance, issues guidelines, and handles complaints. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP have?
Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP has 24 controls organised across 7 domains. The largest domains are CR Ley 8968: Denuncias, Procedimiento y Regimen Sancionatorio (6 controls), CR Ley 8968: Datos Sensibles, Seguridad y Confidencialidad (5 controls), CR Ley 8968: PRODHAB y Registro de Bases de Datos (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP map to?
Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP maps to 2 other compliance frameworks. The top mapping partners are Colombia Data Protection Law (Law 1581 of 2012) (33% coverage), GDPR (21% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP compliance?
Start your Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Costa Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 24 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required