
GDPR: the importance of privacy and data usage
June 28, 2021
This publication compares three different frameworks for the regulation of personal data: the laws of Mexico and of the European Union (EU) in detail, with a brief mention of how personal data is regulated in the United States (US). The US is not examined further because it lacks a single, unified legal framework.
How privacy and personal data protection are regulated depends on the jurisdiction, that is, on the legal framework of each territory. In the European Union, the General Data Protection Regulation (GDPR) applies directly in all member states. In Mexico, personal data is regulated by federal laws that apply in every state of the country. In the United States, the rules vary from state to state and from sector to sector.
To make the comparison, some of the most important concepts in personal data protection law are taken into account.
The laws turn out to be similar in outline, but they differ in details that matter in practice: for example, the obligation to appoint a representative, and the treatment of sensitive data within companies, under the EU GDPR as compared with Mexico's LFPDPPP.
Data Protection Laws
Mexico:
- Public Sector: General Law for the Protection of Personal Data in Possession of Obligated Subjects (LGPDPPSO).
- Private Sector: Federal Law for the Protection of Personal Data in Possession of Private Parties (LFPDPPP).
European Union:
- General Data Protection Regulation (GDPR).
- The GDPR has extraterritorial reach: a company incorporated outside the EU is still subject to it, and can be fined under it, if it offers goods or services to people in the EU or monitors their behaviour.
United States:
- There is no comprehensive data protection act at the federal level; protection is sector-specific.
- Federal Trade Commission (FTC) Act: intended to protect consumers from unfair or deceptive trade practices, including broken privacy promises.
- Financial Services Modernization Act (Gramm-Leach-Bliley Act, GLBA): protection of the personal financial information of financial services customers.
- Health Insurance Portability and Accountability Act (HIPAA): regulates protected health information handled by hospitals, health insurers and pharmacies, among others.
- CAN-SPAM Act: governs the sending of commercial e-mail for marketing purposes (telephone marketing is governed by separate rules).
- California Consumer Privacy Act (CCPA): the main example of a state-level privacy law.
Main Actors
LFPDPPP:
- The Holder (titular): the natural person to whom the personal data refers.
- The Responsible Party (responsable): the individual or legal entity that decides on the processing of personal data (the equivalent of the GDPR controller).
- The Processor (encargado): a natural or legal person, external to the responsible party's organization, who processes personal data on its behalf.
- Designated person or department for data protection: handles data subjects' requests to exercise their rights and promotes the protection of personal data within the organization.
GDPR:
- Data subject: an identified or identifiable natural person; the GDPR protects people in the EU regardless of their citizenship.
- Controller: the legal or natural person who determines the purposes and means of the processing.
- Processor: the entity that processes the data on behalf of the controller.
- Representative: a person or entity established in the EU that a controller or processor located outside the EU must designate as its point of contact for supervisory authorities and data subjects.
- Data Protection Officer (DPO): a person with expert knowledge of data protection law and practice who advises and assists controllers and processors.
Rights
LFPDPPP (the ARCO rights):
- Access: request access to your personal data held in databases, files, records, etc.
- Rectification: request correction when your personal data is inaccurate or incomplete.
- Cancellation: request that your personal data be deleted. Deletion is not always possible, mainly where a legal obligation requires the data to be kept.
- Opposition: request that your personal data not be used for certain purposes.
GDPR:
- Breach notification: the right to be informed without undue delay when a breach of your personal data is likely to pose a high risk to you.
- Expanded subject access: in addition to access, rectification, erasure and objection, the right to obtain information about how your data is being processed and for what purposes.
- To be forgotten (erasure): the right to have your personal data deleted, its further dissemination stopped and third parties required to stop processing it.
- Data portability: the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
Sensitive Data
LFPDPPP:
The law calls for special treatment of sensitive data, but does not require specific organizational measures at the institutional level.
- Racial or ethnic origin
- Health status (present, past and future)
- Genetic information
- Religious, philosophical, and moral beliefs
- Trade union membership
- Political opinions
- Sexual preferences
GDPR:
Special categories of data have direct and strict implications for how the company is organized.
- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic data.
- Biometric data (when used to uniquely identify a natural person).
- Data concerning health.
- Sex life and sexual orientation.
Conclusions
- In Mexico there are separate laws for the public and private sectors, while in the European Union the GDPR applies to every entity that collects or processes personal data.
- In the US there is no comprehensive federal data protection law or single data protection regulator; protection depends on the sector, on the type of data affected and on the complaint that is made.
- Although the GDPR does not treat financial data differently from other personal data, the rights it gives the data subject amount to stronger control over privacy than the Mexican law provides.
1 Comment
[…] Learn more about your rights in Mexico and the differences compared with the legal framework for the protection of … […]