What is GDPR:

The General Data Protection Regulation (GDPR), which provides individuals with even greater control over the collection and use of their personal data, was adopted by the European Union in April of 2016 but companies must comply with its requirements by May 25, 2018.


Why does it matters for us in Latam:

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to it, or monitor the behavior of EU Data Subjects. It applies to all companies processing and holding the personal data of Data Subjects residing in the European Union, regardless of the company’s location.


What Personal Data is, according to the GDPR:

‘Personal Data’ means any information relating to a natural person (‘Data Subject’) that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, including online identifiers like device IDs, cookie IDs or a computer IP address.


Main changes for us the Marketers:

Personal Data must be “Processed lawfully, fairly and in a transparent manner”


Consent and Transparency

Consent should be clear and unique to a specific organization and each reason for processing. Separate forms with default unchecked boxes are required.

The transparency of company’s reasons for processing data is a requirement for building explicit consent.

Data Subjects should be able to withdraw their consent for each, or all, processing activity, and withdrawing consent should be as easy as giving it was.

As with all GDPR-related things, keeping records is vital to demonstrating compliance.


Personal Data must be “Collected for specified, explicit and legitimate purposes” and be “Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”


Purpose Limitation

Obtaining explicit authorization goes hand-in-hand with purpose limitation; at the point of data collection (for example, your online form), you should be completely transparent about the goal for which Personal Data is being collected, such that there should be no confusion regarding the objective of collection. In addition, once you have collected data for a specified purpose, that data should not be used for another, incompatible intent. Furthermore, the objective must be legitimate, meaning, it must not be in violation of applicable laws.


Disclaimer: This material is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on any of your data processing activities please consult with an independent legal and/or privacy professional.