New guidelines applicable to the Data Protection Act

On January 16, 2019, the Argentine Data Protection Agency (the “Agency”) enacted Regulation No. 4/2019 (the “Regulation”) which established new guidelines to be applied to the Personal Data Protection Law No. 25,326 (the “Data Protection Act”), in order to enhance its implementation.

In this sense, the main relevant provisions implemented by the Agency are as follow:

  • personal data owners may access to their data acquired through video surveillance, provided that, their identity is duly certified. If their request were rejected, they shall be noticed about the possibility to file a claim with the National Direction for the Personal Data Protection;
  • if the recorded image identifies any other third party, the data holder shall apply a decoupling technic in order to assure that only the data owner will be identifiable;
  • the data owner shall have the right to request a disclosure regarding the applicable logic in those cases in which negative legal effects, or if any other significative negative consequence, may emerge from decisions based on automatic treatment of personal data;
  • biometric data identifying a person shall be deemed sensible only if it may result discriminatory to the data owner;
  • data holder shall implement valid and effective identification mechanisms;
  • in relation to the assignment of personal data among public offices, certain scenarios were defined in which prior consent of the data owner shall not be necessary; and
  • underage may consent the treatment of their personal data, under certain conditions.

Any further information, please do not hesitate to contact Juan Pablo Bove, Federico Otero, Julián Razumny, or

Financial Statements´ reporting in constant currency

The enactment of Law N° 27,468 on November 15th, 2018 reestablished the effectiveness of previously abrogated Section 62 (in fine) of General Corporations Law N° 19,550 that sets forth that interim and annual financial statements are required to be reported in constant currency and delegated in the Public Registry of Commerce (“IGJ”) its effectiveness date.

In such respect, IGJ´s issuance of General Resolution N° 10/2018 (the “Resolution”) on December 28th, 2018 reestablished the effectiveness of such obligation and additionally amended General Resolution Nº 7/2015 in the following related matters:

  • financial statements must be filed in constant currency (except those issued by entities subject to special control regimes)
  • financial statements shall be restated in accordance with the regulations issued by the Argentine Federation of Professional Councils of Economic Sciences (FACPCE) and adopted by the Professional Council of Economic Sciences of the City of Buenos Aires (CPCECABA);
  • the decisions to be adopted by governance bodies must be taken with accounting information in constant currency;
  • all restatements must be expressed in their actual value;
  • companies subject to the Public Registry of Commerce’s control that are controlling, controlled or affiliated to other companies subject to oversight by the National Securities Commission may adopt specific regulations applicable to the latter, explaining the reasons in the financial statements.

Any further information, please do not hesitate to contact Juan Pablo Bove, Federico Otero, Julián Razumny, or

Improvements in Databases Registration Process

On October 22, 2018, the Public Information Agency issued Resolution No. 132/2018 (the “Resolution”), amending Provision No. 2 issued by the National Directorate for the Protection of Personal Data. These amendments are aimed at enhancing the registration of databases with the National Database Registry, not only for private but also for state-owned companies.

In this regard the Resolution sets forth that:

  • all registrations, modifications and deregistration of personal databases -both private and public- must be processed exclusively through the Distance Procedures Platform (Trámites a Distancia – TAD) or through the Electronic Document Management System (Gestión Electrónica Documental – GDE).
  • any and all officers responsible for of private archives, registers, databases or personal data banks registered with the National Database Registry should proceed to renew their registration through any of the abovementioned procedures by October 31, 2019. Any and all officers responsible for public databases must comply with this obligation by February 28, 2019; and
  • all registration procedures to be carried-out will be free of any costs.

Finally, please note that the Resolution entered into force on October 23, 2018.

Please do not hesitate to contact Juan Pablo Bove, Federico Otero, Julián Razumny, or for any further information.

Integrity Guidelines to comply with the provisions of the Criminal Liability of Legal Entities Law No. 27,401

The Argentine Anticorruption Office (“AO”) has recently published the Integrity Guidelines (the “Guidelines”), in order to comply with the provisions under sections 22 and 23 of the Criminal Liability of Legal Entities Law No. 27,401 (the “Law”). The Guidelines consist of a technical guide for the implementation of Integrity Programs (each, a “Program”) required under the Law and include, among others, the following issues:

  • Accountability of the Program before the Argentine authorities
    The legal entities comprised by the Law must create a Program in accordance with the dynamics of their own activities, and explain its foundations and reasonableness to the applicable authority.
  • Not mandatory
    Notwithstanding the advantages mentioned by the AO, adopting a Program is not mandatory. The decision on its implementation will be subject to the analysis that each legal entity makes in accordance with its risk’s exposure and the framework for the development of its activities, among other factors.
  • Reasonableness of the Program
    In case a Program is implemented, it must be made in a reasonable way, i.e., considering the Guidelines on Risk, Dimension and Economic Capacity of the legal entity.
  • Mandatory and optional content
    In addition to the elements that are mandatorily required (Code of Ethics, Rules and Preventive Procedures and Periodic Training), the Guidelines suggest to adopt other tools such as Internal Complaint Channels, Whistleblower Protection, Periodic Risk Analysis, among others.
  • Steps for designing and implementing a Program
    Although each Program should be created in accordance with the particulars of each legal entity, the Guidelines suggest that certain steps be followed in connection with its design and implementation. Among them, commitment of senior management regarding the development of the Program; evaluation of the legal entity and identification of its risks; definition of a risk exposure plan; implementation of such plan; evaluation of the Program in progress; communication and diffusion of the Program to the employees of the legal entity and relevant third parties.
  • Content
    The Guidelines describe certain elements that the Program may contain, providing general parameters to facilitate its design and implementation:
    • Code of Ethics
      The Program should group in a single document all general integrity policies applicable to the legal entity’s employees and third parties. The values of the organization, the ethical guidelines applicable to its members, prohibitions of improper behavior and sanctions in case of non-compliance should be clearly stated.
    • Integrity in bidding procedures and interactions with the public sector
      These rules and procedures must cover all relevant interactions of the legal entity with the public sector. The Guidelines suggest to cover: (i) with respect to purchases and contracts, interactions with public officers who: (a) have decision-making capacity in the allocation of public resources; (b) prepare investment projects; (c) make tender procedures public; (d) take part in evaluation committees; (e) are in charge of inspection activities or work supervision; (f) take part in commissions that receive or express conformity to purchased services and products; (g) take part in accounting or financial sectors in charge of making payments. (ii) With respect to other potential risky interactions, officers who oversee: (a) authorizations and permits; (b) fundraising activity; (c) inspections and superintendence; (d) exercise of a regulatory activity. (iii) With respect to its own members: (a) commercial, sales, purchasing and marketing sectors; (b) managers and legal and commercial representatives; (c) areas of institutional relationships and relations with governments; (d) distributors and operational areas responsible for the delivery of goods; (e) technical representatives in works and operational areas responsible for the execution of contracted works; (f) financial areas and areas responsible for approving or making payments.

      Regarding rules and procedures, the Guidelines suggest to include: (i) clear identification of public officers as risky counterparties; (ii) specific reference to zero tolerance to bribery or illegal payments made on behalf, or in the interest, of the legal entity; (iii) clear intention that no act carried out on behalf, or in the interest, of the legal entity pursues, as its main purpose, to unduly influence a public officer for the benefit of the legal entity; (iv) prohibit searching or using of privileged or confidential information; (v) disincentives to any participation or collaboration in fraudulent acts conducted by public officers; (vi) clear regulation on prohibitions and exceptions to gifts to public officers; (vii) disincentives to any illegal employment, solidarity initiatives or similar actions; (viii) clear distinction between payments to organizations and payments directed to public officers that result in personal benefit; (ix) prohibition of campaign contributions on behalf of the legal entity; (x) obligation to internally communicate the existence of relationships with senior officers that ease compliance with Decree 202/17 (Conflicts of Interest) or similar.

    • Trainings
      With respect to periodic trainings, the Guidelines recommend the following: (i) promotion by the Board of Directors and the management of the legal entity of active participation in the activities by the employees; (ii) full participation of senior management in training activities; (iii) synchronization with the Code of Ethics and Program’s policies; (iv) combination of general trainings with personalized trainings; (v) an initial training (as part of the induction of each employee starting in the organization) and a mandatory general training at least once a year; (vi) clear incentives for training; (vii) evaluation of the trainings in terms of: (a) proper training of those receiving it; (b) through satisfaction surveys or other mechanisms;(c) evidence of existence by documenting its details; (d) projection of continuous monitoring; (e) update and continuous renewal of its contents, incorporating lessons learned; (f) incorporation of guidance stages that include advice upon queries and specific cases.
    • Internal Research
      Internal Research should be regulated in such a way that the limitations arising from privacy rights and worker’s dignity be respected, while, as per the management of information, the provisions for obtaining and processing personal data must be complied with. The Guidelines recommend putting in place a written internal protocol to regulate on matters related to media access and devices that the employer provides to its workers informing that the information stored in those sources and devices belongs to the legal entity. Also, it is advisable to consider policies related to the chain of information custody (and the adoption of external support when dealing with electronic evidence), witnesses’ interviews, and involvement or exclusion of internal areas, depending on the potential involvement in the investigated facts. The Guidelines suggest to implement rules on how to proceed in certain special cases such as: access to employees’ corporate e-mail, access to telephone call records; vehicle satellite tracking records; access to Internet browsing history; access to stored documents; access to drawers or cabinets; video surveillance; access to entry and exit records; inspections of clothing, bags and automobiles; tests for drug consumption; interviews on internal investigations.
    • Due diligence to third parties
      The Guidelines suggest to: (i) know the counterparties and have information about the characteristics and relationships of third parties, including their commercial reputation and the relationship, if any, with local or foreign public officers; (ii) increase the level of scrutiny to the extent that the alerts are greater; (iii) ensure an adequate understanding of the rationale of the relationship that is created with third parties. In addition, it is important to control that the third party is actually performing the work for which it was hired and that its compensation is in accordance with its work; (iv) transmit properly to third parties the integrity policies of the legal entity and demand their compliance; (v) control the actions of third parties in such activities that may be perceived as acting on behalf, for the benefit or in the interest, of the legal entity according to its usual meaning in the context of the businesses that are carried out. The following will be considered relevant counterparties: subsidiaries; partners in joint ventures; dealers; agents; commercial representatives; intermediaries; managers; lobbyists; contractors; consultants; customs’ brokers; suppliers; service providers and customers.

      The analysis to be applied on the third parties must include aspects such as: structure and operation; composition of the third party's business; reputation; links and relationships; potential conflicts of interest; financial solvency; technical/professional suitability; track record; existence of anti-corruption program or policies.

    • Due diligence in processes of corporate transformation
      The Guidelines recommend to carry out an analysis on the integrity of the acquired legal entity consisting of a broad and rigorous scrutiny. The cases include transformation, merger and split in the terms of the General Corporation Law.

      The M&A due diligence may include actions such as: verification of anti-corruption compliance by the target company; implementation of anti-corruption policies by the target company; providing directors with training in such policies; and post-closing audit.

    • Internal Responsible Person
      The Guidelines provide for rules on the functions of the Internal Responsible, listing the following, among others: analysis of ethical risks; design of internal policies; conduction of the Program; advice on ethical dilemmas; management of complaints received; whistleblower protection; leadership in internal investigations; support on self-denunciation and cooperation with authorities; Program supervision; strategic planning of the legal entity; training design; adaptation of the Code of Ethics to current regulations.

At TRS&M we remain available to provide a further analysis on the matters described herein.