Peru

The Protection of Personal Data Law (PDPL) and Law No. 27489 are Peru's primary regulations on personal data protection.

•The PDPL was enacted in June 2011 to establish a general framework, and specific administrative bodies were established to enforce the laws.

•Peru issued the Supreme Decree No. 003-2013-JUS in March 2013. The decree described the content of PDPL, clarified the responsibilities of all parties involved in the process of personal data protection, and helped with the smooth implementation of PDPL. In 2024, Supreme Decree No. 016-2024-JUS was published in the Official Gazette of Peru, approving the revision of Law Regulation No. 29733, introducing key changes and repealing the previous version.

Huawei Cloud white paper Huawei Cloud Guide to PDPL Compliance in Peru describes Huawei's experience and best practices in privacy protection along with how Huawei Cloud can help you comply with Peru's PDPL.

The Superintendency of Banking, Insurance, and Private Pension Fund Administrators (SBS) is an autonomous institution responsible for the supervision of the Peruvian financial and insurance systems.

● SBS approved Regulation No. 504-2021 on information security and cybersecurity management on February 23, 2021. This regulation aims to align the established information security requirements in Peru with international standards and best practices. The regulation stipulates that financial institutions must have cybersecurity programs, authentication processes available on digital channels, and security measures for services provided by third parties. The regulation went into effect on July 1, 2021, and the certification-related requirements were set to take effect on July 1, 2022.

As a cloud service provider, Huawei Cloud is committed to helping you meet these regulatory requirements and continuously providing you with cloud services and environments that meet financial industry requirements.

To promote national digital transformation and standardize the digital construction of the government industry, Peru has enacted legislation to specify the digital construction requirements of government institutions and other related entities. Main regulations include:

● Digital Trust Framework. This Framework is an important regulation developed by the country to strengthen trust in digital services, covering digital security, data protection, and risk management. The framework puts forward a series of specific requirements for public entities to ensure the security and reliability of their communication services. Digital Trust Framework applies to government public entities, but it does not apply to cloud service providers.

● Digital Government Law. This Law establishes a framework of digital government governance in key domains like digital identity, digital services, architecture, interoperability, security, and data management. Digital Government Law Regulations. These Regulations, released in 2021 under Digital Government Law, specify the conditions, requirements, and rules for the use of techniques and electronic means in administrative procedures with the aims of improving the efficiency, transparency and accessibility of public services by standardizing management of digital identities, services, architecture, security, and data. Digital Government Law and Digital Government Law Regulations emphasize the responsibilities of public entities in ensuring information security and digital security, but do not apply to cloud service providers.

HUAWEI CLOUD white paper HUAWEI CLOUD Peru Government Industry Security Compliance Guide describes how HUAWEI CLOUD will help you meet Peru's security requirements for the use of cloud services in the government industry.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF) , and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.