Data protection & privacy laws in Guatemala (2026)

Guatemala has not enacted a general personal data protection statute as of May 2026, and no dedicated independent data protection authority exists. The overall regime is fragmented and sector-incomplete.

Decree 57-2008 (Ley de Acceso a la Información Pública) defines personal data and sensitive personal data (Art. 9) and grants a habeas data right (Art. 30) against public bodies and private entities receiving public funding, allowing individuals to access, correct, and delete their data.

The Procurador de los Derechos Humanos (Human Rights Ombudsman) holds nominal oversight for habeas data matters under Article 46 of the LAIP; no specialized independent data protection authority has been created.

Initiatives 6103 (Ley Integral de Protección de Datos) and 6572 are before Congress, alongside a 2025 GDPR-modelled bill introduced by deputy Nery Rodas; as of May 2026 none has completed the full legislative approval process.

The leading proposed bills would apply to all data controllers (public and private) processing personal data in Guatemala, establish an independent supervisory authority with sanctioning powers, and enshrine rights of access, rectification, and erasure aligned with GDPR standards.

Guatemala's 1985 Constitution (Article 24) establishes inviolability of correspondence and communications; the Constitutional Court has recognized derived privacy rights, providing the constitutional underpinning for data protection claims absent a dedicated statute.