Understanding GDPR Compliances in Latin America

GDPR replaces all data protection laws throughout Europe. It also affects Latin America regulations because of the companies that do business with data collected from the EU citizens. Even if the corporations have no physical or legal existence in Europe, regulations apply. In general, GDPR mandates data collection, data management and individual rights of EU personal information. Data collected cannot transfer to/from companies outside the EU without assuring the same protections to the data obtained from EU citizens, even if the data face processing outside the EU. GDPR affects significant personal data, including human resource records and IP addresses.

Explore the main differences within data analyzing on our blog post 5 Differences Between Big Data And Business Intelligence.

What are a person’s rights under GDPR?  

 GDPR gives the following rights to individuals covered under its mandate:

  • Access.
  • To be forgotten.
  • To correct personal data.
  • To restrict data collection/processing.
  • To withdraw consent.
  • To have data portability.
  • To receive notice before collection.
  • To say no to automated profiling.

Organizations Outside the EU

Citizenship, nationality, and residence are not necessarily relevant for the application of the GDPR. Instead, the following activities and specific circumstances determine whether the regulations apply:

  • Processing personal data that results from the operations of a company established in the EU.
  • Processing personal data related to targeted offerings to people in the EU.
  • Processing personal data if a company provides goods or services to people in the EU.
  • Processings related to a business established in the EU.
  • Processing personal data that results from targeted offerings indirectly to persons in the EU.
  • Processing personal data that results indirectly from goods or services provided to people in the EU.
  • Processing data related to the profiling of people in the EU and sometimes to people not in the EU.

 For more information read http://medium.com/mydata/does-the-gdpr-apply-in-the-us-c670702faf7f.

GDPR in Latin America

The current state of data protection in Latin America only refers to overall legislation in the following countries: Argentina, Colombia, Chile, Mexico, Peru, and Uruguay. Other countries, like Brazil, have enacted legislation that only covers particular protection areas. Venezuela has no specific data protection legislation but has some protections for privacy under its Federal Constitution that have been interpreted to apply to data protection. Countries like Paraguay so far appear to have no interest in passing legislation to comply with GDPR. Where local laws are not considered adequate protection for personal data covered by GDPR, the GDPR requires compliance with the EU regulation.


Argentina is a leader in Latin American data protection laws. The Section 43(3) of its constitution (1995) establish the individual’s right to get personal data stored in public or private venues. In 2000, Argentina strengthened its data protection laws. They regulated strictly the way companies collect and process personal data. The European Union (EU) recognized Argentina in 2003 as having adequate levels of data protection. In light of the 2018 GDPR regulation, Argentina has proposed changes to its Personal Data Protection Act to mirror the EU’s GDPR. The main differences are in the area of cross-border transfers to countries with looser data protections.


Along with Argentina, Uruguay is the only other Latin American country recognized to have adequate levels of data protection in light of the GDPR.


Data protection became part of the Chilean legal system in 1999. Its forerunner is the Personal Data Protection Law No. 19,628. Chile’s data protection laws do not comply with GDP’s full requirements. The reform of those laws has reached an advanced point, and the marketplace expects Chile to take GDPR into account soon.


Colombia has had data protection legislation in some form since 2008. The proposed legislation will give Colombian data protection the same global effect as GDPR. However, its laws do not include all the obligations of the GDPR. An example is the right to be forgotten and the appointment of data protection officers.


Mexico’s data protection laws have not been modified to comply with GDPR. Significant foreign investment in Mexico by European companies means that the obligations of the GDPR will necessarily apply to some business. Subsidiaries of European companies in Mexico will need to be aware of GDPR’s requirements.


Peru has had some form of data protection requirements since 2011. In 2017, the country approved legislation to put some teeth in its data protection provisions but still does not comply with GDPR.

Explore the main differences within data analyzing on our blog post 5 Differences Between Big Data And Business Intelligence.

You may also like

data connectivity and service assurance graphic

The Future of Service Assurance – Actionable Intelligence

Telecommunication Standards

The Ongoing Evolution of Telecommunication Standards

GDPR Compliance

5 Things on GDPR Compliance in North America