[ad_1]
By Jordi Greenham *
Have you ever wondered why we all recently receive e-mails changing the privacy policies of several global companies?
The emergence of new technologies has changed the rules of the game for everyone.
One of the things that allow us to do, is that it is possible to duplicate and transmit, almost without cost, any information or dataset from one system to another, without having to draw a single file.
opportunities, have also created challenges, such as the protection of personal data. In Europe, since 1973, they have proposed a treaty between member countries of the then Council of Europe to establish the obligation to provide confidentiality rules in the laws of their countries. With the liberalization of the Internet, this Treaty was transformed into Directive 95/46 / EC of the Parliament and the Council of the European Community, which was in force between 1995 and 25 May 2018, the date on which it was replaced by GDPR
On April 27, 2016, the Parliament of the European Union repealed the Directive and replaced it with the General Data Protection Regulation (GDPR), applicable on May 25, 2018, giving European companies a period of just over two years to prepare. This new rule prohibits, except in certain cases, any transfer of data to countries outside the European Union.
For GDPR, a personal data is one that can be used to determine the identity of one or more natural persons. 19659004] The processing of personal data in the European Union is subject to principles which include: limitation of processing: personal data will only be used through a privacy notice; privacy by design: systems used for processing, consider specific measures to protect information; Default Privacy: When the individual receives multiple options, the pre-filled will always be the one that involves a greater degree of protection; and proactive responsibility: the manager must be able to demonstrate that he has taken the necessary steps to protect the data.
The GDPR also establishes rights regarding the treatment of personal data:
Access : The holders have the right to know which data the responsible person has and for what he uses them;
Correction : Owners have the right to ask the person responsible to correct the personal data;
Explanation : When personal data are processed exclusively by computerized means and human valuation does not occur, holders have the right to be explained the reasoning that made the program;
Annulment : Holders are entitled to request that their data be removed from the data bases of the responsible person, the term "right to be forgotten"; and
Opposition : Holders have the right to legally require the person responsible to stop processing their data and may subject them to a penalty.
Mexico has a federal law since 2010 of data protection in the possession of individuals. It already provided for many rules that would be necessary for the adaptation of the national legal framework, but this law only applied to those who processed personal data, and not to public entities. In January 2017, the General Data Protection Act with mandatory topics was approved, establishing uniform rules for data protection at all levels of government.
Mexico was invited in 2018 to sign Convention 108 of the Council of Europe in the field of data protection, which can be an important step in the way to harmonize the Mexican rules for allow an exchange without barriers of entry. With this, the legal framework will have to be re-evaluated in order to badyze whether the changes that the regulation has made with respect to the directive are incorporated, then to approach the European Commission to request an adaptation decision.
Should I do if my company processes personal data?
It is very important that you not only have a data protection policy and privacy notice that comply with Mexican law, but also if your business processes contemplate the principles mentioned above. Unfortunately, there are Mexican companies that are only trying to comply with the exceptions of the law, instead of proactively protecting the personal data of their customers. Those who do, not only risk their reputation, but also run the legal risk that the INAI or the Mexican or foreign courts do not accept that the exception applies and determine a liability. towards the company, exposing it to fairly high fines, and in some cases, criminal liability.
* Founder and CEO of Homie.mx.
The opinions expressed are the sole responsibility of the authors and are completely independent of the position and editorial line of Forbes México .
[ad_2]
Source link