WHAT HAS THE IMPACT BEEN ON MIDDLE MARKET BUSINESSES IN THE AFTERMATH OF ‘STORM GDPR’?
When the GDPR came into force in Latin America, just a small number of companies, mostly large European multinationals, were prepared for it. In the majority of the smaller multinationals, and in almost all of the local companies dealing with businesses in Europe, top management were still trying to understand the effects of the law and how they should proceed to become compliant. Almost a year after Storm GDPR, the level of knowledge about the regulation in Latin America is significantly different. A large portion of businesses are already compliant and many are working on a compliance plan, but there are still some businesses that have not even started to become GDPR ready. Countries in Latin America have also seen local regulations similar to the GDPR come into force in the last year, and this has contributed to increased knowledge of data protection regulation in general.
THE GDPR PRINCIPLES
GDPR legislation fundamentally changes the rules for how a business engages with, processes, transfers and stores personally identifiable information or data. There are seven principles to the General Data Protection Regulation:
- Lawful, fair and transparent data handling
- Only use data for stated purposes
- Do not collect more data than you need
- Keep data accurate and up-to-date
- Don’t keep personal data for longer than it’s needed
- Keep personal data secure
- Be able to demonstrate compliance
WHAT IS ON THE HORIZON FOR DATA PROTECTION?
Latin American bodies are now moving to enforce their own data privacy laws, most notably Brazil, Chile, Argentina and Mexico, which are all moving to bring in stricter regulations. Until very recently, Brazil lacked a specific law to regulate data security. However, in light of the GDPR, the Brazilian Senate sanctioned the Brazilian General Data Protection Law in July 2018, which governs rights and obligations when processing and storing personal data. As with the GDPR, organisations can be expected to appoint data protection officers and may face fines of up to 2% of gross revenues if non-compliant.
For more information on the GDPR legislation, and advice on any relevant GDPR training, please contact us.