PERSONAL DATA PROTECTION PROGRAM
FOR THE HEALTH SECTOR

During 2020 the INAI (National Institute of Transparency, Access to Information and Protection of Personal Data) fined hospitals, clinics and doctors for an amount of $ 5’898,600 MXP for not complying with the Federal Law on Protection of Personal Data (LFPDPPP), the foregoing, due to the fact, that this health sector handles sensitive personal data, in addition to not being duly advised on the protection of personal data.

The main violations of the LFPDPPP are caused by:

  • Not Respecting the Principles of Personal Data.

  • For NOT having the Privacy Notice, for having it badly written, incomplete, or out of date.

  • For Failure to properly process the exercise of A.R.C.O. Rights of patients or employees of the medical sector.

  • For not training its employees or collaborators on the protection of patient data.

  • For not having technical, administrative and physical information security measures.

May Cause:

Fine

Hasta $45’344,000 MXN

Prison

Up to 5 years

What are the minimum obligations required by the LFPDPPP?

  • Have your own PRIVACY NOTICE.

  • Respect the Principles of Personal Data.

  • Assign a person as Manager for the proper handling of Personal Data.

  • Employees and collaborators training, keeping register for proof of studies.

  • Implement Security measures for the care and storage of Personal Data.

How do we help you?

  • Advise you on the LFPDPPP, its Legal Scope, its Obligations, and its Rights.

  • Comply with the LFPDPPP to avoid Applicable Fines and Sanctions

  • Help you protect your business and prestige.

Do you want to know what your current compliance level is?

Find Out Here

Do you want to know more about the main obligations regarding compliance with the protection of personal data?

Contact us