Support Centre

Mexico

Summary

Law: Federal Law on Protection of Personal Data Held by Private Parties ('FLPPDPP'), Regulations to the Federal Law on Protection of Personal Data Held by Private Parties ('the Regulations')

Regulator: National Institute for Access to Information and Protection of Personal Data ('INAI')

Summary: The FLPPDPP, the Regulations, and the Guidelines on Privacy Notices ('the Guidelines') (only available in Spanish here) establish the principles and minimum standards for processing personal data and form the bases of the regulatory framework for the protection of personal data in Mexico's private sector. There are also sector-specific laws in the financial services and health and pharmaceutical sectors. Notably, under the current legislative framework there is no requirement to inform the INAI or any other state authority when a data breach occurs.

Insights

Artificial intelligence ('AI') is undoubtedly one of the most pertinent subjects for data protection regulation, due in part to the huge quantities of personal data such technologies require to operate. Héctor E. Guzmán Rodríguez, Partner at Bello, Gallardo, Bonequi y García, S.C., discusses this topic with reference to the National Institute for Access to Information and Protection of Personal Data's ('INAI') guidance on the same.

Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data. In this three-part series, OneTrust DataGuidance provides an overview of key trends in data localisation and data residency, outlining underlining approaches to the same, as well as common trends associated with sector and categories of data.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Federal Law on the Protection of Personal Data Held by Private Parties 2010 (the Federal Law) and the Regulations to the Federal Law on the Protection of Personal Data Held by Private Parties 2011 (the Regulations).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Federal Law and the Regulations with the  GDPR.

You can access the latest version of the report here.