October 2018: The Thomson Reuters Foundation in partnership with Richards, Cardinal, Tützer, Zabala & Zaefferer have published a brief legal guide to assist NGOs in Latin America in complying with new data protection requirements introduced by the recently implemented General Data Protection Regulation 2016/679 (GDPR).
The GDPR came into force on 25 May 2018 and imposes significant new obligations in relation to the processing of personal data of EU data subjects. Due to its extraterritorial scope, the GDPR applies to those entities - regardless of where they are physically or legally located - that in some way use or process personal information related to individuals residing in the European Union. NGOs located in Latin America that use or process data from European residents should comply with a double regime: (1) The personal data laws of the country of Latin America where they are located; and (2) the GDPR.
This guide outlines the key requirements of the GDPR and offers practical tips from experienced lawyers on how NGOs can take steps to ensure compliance with the GDPR.
For more information you can also read our Data Protection: A Guide for Charities and Non-governmental Organisations