On May 25, 2018, after years of preparation, the first community regulation for the protection of personal data, the GDPR (General Data Protection Regulation), came into force. Unlike the previous regulations, this norm is effective in European Union countries without the need to implement local regulations.

One of the most innovative points is that, even if you do not have a physical establishment in the European Union, there are cases in which you may be subject to the Regulation if you process data in any country of the Central American region.

Thus, you must comply with the GDPR even when processing the data outside the European Union, if you:

  1. Offer goods or services to residents of the European Union, regardless of the place of payment.
  2. Carry out monitoring activities for European Union residents, and said activity takes place in the EU.
  3. Have an establishment that, under international public law, is subject to European legislation.

As an example, you will be bound by the GDPR, even in Central America, if you carry out email campaigns to citizens located in the EU, if you manage an app that has location services in the EU, if you monitor health and physical conditions of an EU resident through medical devices or wearables, or if you are a European embassy or another international body of European jurisdiction.

Moreover, if you are a service provider that processes data for an organization subject to the GDPR, you must also comply with the Regulation because the compliance obligation applies on all service levels. GDPR has raised the standards of data protection and security so that, in cases where a service provider wants to expand its market to the EU, it should prepare accordingly and be ready to demonstrate compliance when hired.

Dentons Muñoz can advise you to determine if the Regulation applies to your organization and if so, assist with getting your company to be GDPR compliant, both in terms of privacy notices and data subject consent, as well as the security policies and measures companies must implement.

Beyond the GDPR, this is an excellent opportunity for your company to reach the highest standards of personal data protection, which will also impact the protection of other types of confidential information.

For additional information, please see our guide here.

Regulation (EU) 2016/679 (General Data Protection Regulation)

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.