Vanegas Morales, present in the Knowledge Net Chapter Colombia organized by the Law Firm Gómez Pinzón Zuleta
The impact of the General Data Protection Regulation (GDPR) on Personal Data Protection legislation in Latin America
By Stella Sofía Vanegas Morales
Founding Partner of the Firm
In the event that took place on the past 23 of January, “a great opportunity to deepen the debate on the impacts of the general data protection regulation, and on the strengthening of prior, explicit, free, informed and verifiable consent” was generated.
Reflection on the impacts of the GDPR on companies
Reflecting on the Latin American regulations against the GDPR (General Data Protection Regulation) is a necessity. We must prepare our companies so they can continue being competitive in their business, while respecting and providing the necessary guarantees to the citizens who have trusted them with their personal information.
Starting this year, companies should consider including in their strategic planning a personal data treatment management plan, and based on it consider the resources they need to measure the impact the GDPR will have on them (mapping of personal data treatment operations and information flow charts), and forestall the possible risks arising from commercial activities or services that already do, or may take place abroad, and that are addressed to people located on the EU, and the means to meet them.
Additionally, it should be noted that there are already other countries in the world, different from the EU, that have been adapting their own regulations according to the GDPR.
The effects are already starting to appear
The GDPR has prompted a strengthening of the data protection culture, in particular it has emphasized on the issue, giving it the importance it has been claiming for several years.
For example, we can analyze the sanction France gave Google for “lack of transparency, wrong information, and lack of valid consent to personalize adds.”
In Latin America, there are already various countries that have been revising their data protection regulation, in order to recollect the best of it, and promote a proper protection to all citizens.
What should be addressed as a legal framework for business operations
- Consent reinforcement
- Accountability
- Portability
- Legitimate interest
- Data protection officials
- Risk assessment
- Project impact assessment
- “Privacy by Design”
- “Privacy by Default”
Among many other topics, it will be demanded of us to work and deepen in the essence of our businesses to understand what we should know, include and apply. In summary: “what should be addressed as part of the international legal framework for a better performance in business.”