SERVICE 005 — ARTICLE 49
The insurance the law itself offers you
Law 21,719 expressly recognizes that having a certified infringement prevention model mitigates your liability. It's the difference between an exemplary fine and a moderate sanction — and almost nobody in the technology market is offering it.
A system, not a binder.
The infringement prevention model is the data protection equivalent of the crime prevention model under Law 20,393: a formal program that proves your company organized itself seriously to not break the law.
If the Agency audits or sanctions you, having the model operating and with evidence works directly in your favor. Having it printed in a binder nobody opens does not.
That's why we build it on the same tooling as your day-to-day compliance: the model feeds itself on the evidence your operation already generates.
PRACTICAL EFFECT
MITIGATING FACTOR
A circumstance the Agency must consider when grading the sanction — alongside cooperation and self-reporting. In a regime with fines of up to 20,000 UTM, grading is real money.
What the rule requires it to contain.
Appointment of the prevention officer
With autonomy, resources and direct access to management, as the rule requires.
Identification of risk activities
An infringement risk matrix specific to your operation: which processing activities could lead to minor, serious or very serious infringements.
Protocols and procedures
Concrete rules to prevent each identified risk, integrated into the workflows we already implemented.
Oversight and internal audit
A review calendar, indicators and reports to management that prove the model actually operates.
Internal sanctions and whistleblowing channel
Defined consequences for internal non-compliance and a channel to report deviations.