On December 7, 2018, Resolution 159/2018 was published in the Official Gazette, whereby the Agency for Access to Public Information passed the "Guidelines and Basic Contents of Binding Corporate Rules". The
purpose of the guidelines is to set minimum content that must be considered for the design of binding corporate rules regarding the international transfer of personal data between companies of the same economic group. They must be binding and enforceable for the members of the economic group, employees, subcontractors and third-party beneficiaries.
Among other provisions, the binding corporate rules must contemplate: (i) rules on legal processing of personal data (including processing for specific purpose, confidentiality provisions, rules on secure processing and minimization of data); (ii) special security measures for processing of sensitive data; (iii) reference of data subject's rights of access; (iv) provision on local authorities jurisdiction when the exporter of the personal data is located in Argentina and (v) provisions on liability of companies exporting and receiving personal data.
The Resolution provides that those who transfer personal data from the Argentina to companies located in countries that do not have adequate legislation on personal data protection and make the transfer using self-regulatory standards that differ with the provisions contemplated in the Guidelines, must submit such standards before the Agency for Access to Public Information for their control and approval, within thirty days from the date of the transfer. Find full version of the Resolution in the following link.
Our Firm has a Privacy and Data Protection practice aimed at assisting our clients in complying with local and international regulations with experience in the design of corporate policies.
We invite you to contact us if you have any questions.