As of May 25, 2018, the EU General Data Protection Regulation (GDPR) is effective, applicable in Europe and impacting companies and users worldwide.
The scope of the new EU rules for data privacy is extended to non-EU companies processing EU residents' personal data.
Although Mexican companies are already required to comply with data privacy policies under the Mexican Law on the Protection of Personal Data held by Private Individuals, new obligations may arise from the GDPR, considering that EU residents are granted upgraded rights under the GDPR, which must be respected when their personal data is collected or processed by a non-EU country.
Some innovations are:
1. Consent for data processing must be affirmative (by a positive action), clear and must cover all the purposes of the data treatment.
2. Regarding the data, it must comply with the following principles:
• Transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation (Right to be forgotten)
• Integrity and confidentiality
• Accountability (Demonstrate compliance)
3. Broader information duties.
4. Implementation of technical and organizational measures towards data security.
5. Administrative fines are up to 4% of total worldwide annual turnover of the preceding year or 20,000,000 EUR, whichever is higher.
Given that it is difficult to identify EU residents' data and proceed with the appropriate data segmentation, as a practical solution, we recommend adapting your company's data privacy policies to reflect the GDPR standards, for all your data.
Should you have any questions or comments regarding the foregoing, please do not hesitate to call your usual contact in the Firm.