Translate:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the Regulation).

The Regulation is known as GDPR (General Data Protection Regulation) and its purpose is to regulate the protection of individuals with regard to the processing of personal data and the free movement of such data.

The Regulation repeals Directive 95/46 / EC; and shall be effective as of 25 May 2018.

Territorial Scope - Activities

The Regulation can be applicable to companies that are not based in the European Union (for example, in countries located in LatAm) but which develop some of the activities included in the Regulation.

Specifically, it applies to the processing of personal data:

  1. in the context of the activities of an establishment of a controller or a processor in the European Union (EU), regardless of whether the processing takes place in the EU or not;
  2. of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to:
    1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or
    2. the monitoring of their behavior as far as their behavior takes place within the EU.
  3. by a controller not established in the EU, but in a place where Member State law applies by virtue of public international law.
      

Representatives of controllers or processors not established in the EU

In certain cases, companies located outside the EU shall appoint a representative in the EU (section 27). For example, when the company located outside the EU carries out: (i) offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or (ii) the monitoring of the behavior of EU residents (profiling), as far as such behavior takes place within the EU.

Sanctions

The Regulation provides for severe sanctions in case of infringement (section 83). For instance, companies may be subject to administrative fines up to 20 MM EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

The IT/C team of Baker McKenzie Buenos Aires is available to comment on other aspects of the Regulation that may have impact on the activities performed by your company.

Explore More Insight
View All