Law: Federal Law on Protection of Personal Data Held by Private Parties (FLPPDPP), Regulations to the Federal Law on Protection of Personal Data Held by Private Parties (the Regulations)

Regulator: National Institute for Access to Information and Protection of Personal Data (INAI)

Summary: The Federal Law on Protection of Personal Data Held by Private Parties (FLPPDPP), Regulations to the Federal Law on Protection of Personal Data Held by Private Parties (the Regulations), and the Guidelines on Privacy Notices (only available in Spanish here) establish the principles and minimum standards for processing personal data and form the bases of the regulatory framework for the protection of personal data in Mexico's private sector.

Notably, on October 29, 2023, the National Institute for Access to Information and Protection of Personal Data (INAI), as the regulatory body, announced that it was working on a project to update the FLPPDPP in light of the developments in artificial intelligence. Nonetheless, there are also sector-specific laws in the financial services and health and pharmaceutical sectors. Under the current legislative framework, there is no requirement to inform the INAI or any other state authority when a data breach occurs.


Gain access to unlimited articles with 7 day access to all features, no credit card required.


Other options:
