Since 2010, a general obligation has been created to protect personal data held by individuals.
These obligations specifically result in duties of the holders of personal data such as, among others:
- Obtaining the consent of the owner (tacit, express or in writing, depending on the analysis of the case)
- Preparation and notification of the Privacy Notice, in accordance with the guidelines;
- Data transfer in accordance with current legislation (one of the most controversial points in this area)
- Adoption of protection and security measures (physical, administrative and technical)
- Determination of those responsible and in charge for each case of management or treatment
- Appointment of a personal data manager or department.
In this regard, and despite the few years (5) in which the law on the matter has been in force, we have accumulated experience that we can relate in the following way:
- Audits of individuals who wish to implement the necessary actions to take action in compliance with the corresponding obligations, such as: the drafting of ad hoc privacy notices, internal privacy policies, security measures and the creation of personal data departments or managers.
- Audits on treatments and policies already in place to assess whether they comply with Mexican regulations or require additional actions;
- Consulting on specific aspects of personal data protection, including national and international cases of violation or specific cases subject to enforcement actions in accordance with Mexican legislation.
- Consulting on administrative litigation regarding personal data.
To date, we offer our clients our experience not only in consulting on compliance implementation, but also in becoming their personal data department, which considerably reduces the costs generated by compliance in this area.