OneTrust DataGuidance and Baker McKenzie recently hosted a webinar on how to navigate an ever developing and challenging digital world in the Latin American countries of Argentina, Brazil, Chile, Colombia, Mexico and Peru.
The webinar provides an overview of the LGPD and the data protection bills currently being considered in Chile, Peru and Argentina. In particular, the webinar highlights the legislative status of these bills, as well as outlines key requirements that businesses need to consider. Other key topics discussed include database registration requirements, cross-border transfers, data subject’s consent, security data breaches and the right to erasure. Finally, the implications of the GDPR and the CCPA for businesses in Latin America are analysed, including their significance and impact on local data protection laws.
In 2018, the Argentinian executive branch introduced a bill to replace the current personal data protection law
Among other requirements, the bill obliges governmental agencies, companies processing large scale data and companies processing sensitive data to appoint a data protection officer. While the review of the bill is currently suspended, the bill is thought to be implemented in 2019, after the October elections.
The National Congress of Chile is currently considering a new data protection bill
The bill includes new rights for data subjects, new obligations for data controllers and specific consent requirements, and will create special categories for personal data such as biometric data that will be subject to specific rules.
Database registration requirements differ across Latin America
Last year, the Argentinian data protection authority (‘DPA’) stated that companies located in the country are now responsible for registering their databases. This is a free online service that does not require annual renewal. In Peru, law requires the registration of databases with the DPA. In Brazil, there is a new obligation under the LGPD to register all databases with the DPA. Finally, in Colombia, any company that has assets or a local presence within the country has to register databases with the DPA. There is currently a debate on whether or not foreign companies that handle Colombian data subjects’ information are required to register their databases. The speakers noted that the DPA has yet to comment on this.
DPAs are becoming increasingly active in enforcing data protection legislation in Latin America
Within the last few months, the Colombian DPA has been highly active in imposing fines on companies that have not destroyed information that was no longer required, and on data processors that have not obtained consent from data subjects. In Colombia, it is expected that in the next few months, the DPA will be highly active in imposing more fines, as data protection is considered a high priority. Countries that have been moderately active in enforcing legislation include Brazil, Argentina, Peru and Mexico. In Chile, enforcement is currently low as there is no DPA.
The global impact of the GDPR and CCPA
Recent trends include the revision of local data privacy policies and the implementation of data transfer agreements and European model clauses as a result of the enactment of the GDPR. In terms of the CCPA, an assessment is made of the territorial scope of the CCPA, the expansive definition of personal information, the rights of access and deletion, and the ability for consumers to opt-out of the sale of personal information.
How OneTrust DataGuidance helps
OneTrust DataGuidance provides a suite of privacy solutions designed to help you monitor regulatory developments, mitigate risk, and achieve global compliance, including across Latin America. With focused guidance around core topics, comparative cross-border charts, a daily customised news service, and expert analysis, OneTrust DataGuidance provides industry leading solutions to design and support your entire privacy program.
OneTrust DataGuidance also offers GDPR Benchmarking tools and reports, which include the LGPD and the CCPA. The suite of tools assist organisations understand and examine core requirements under each law in order to determine their consistency for gap analysis and assessment, and contribute to the development of global compliance programs.