Historically, agencies of the executive, legislative and judicial branches of the Mexican government were not restricted on how they could use personal data, with there being no regulatory framework in place. However on 21 April, the United Commissions of Government and Legislative Studies of the Mexican Senate approved a new data protection law, the 'General Data Protection Law Held by Regulated Subjects' (the "Law"). The Law will regulate all government agencies and provides that the right to protection of personal data may only be limited for reasons of national security, public order, public health and safety, or to protect the rights of third parties. 

Although non-governmental bodies will not be subject to the Law, it indicates a move towards greater regulation of data processing activities in Mexico. As such, to the extent an organisation processes personal data in Mexico it should monitor developments in this area. 

A press release from the Senate about the Law can be accessed here (Spanish).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.