Cumplimiento normativo en México

What is regulatory compliance?   

Regulatory compliance is the set of processes, practices and measures that an organisation follows to conduct its business in accordance with the laws, regulations, and practices that apply to its sector and industry. Nowadays, digital identity verification has become an essential tool for institutions to easily comply with these regulations while maintaining customer confidence. 

Mexico’s business landscape it is constantly evolving and in recent years compliance has become more crucial than ever. Companies in all industries are facing increasingly stringent regulations related to verifying the identity of their customers, business partners and employees. In this article, we will discuss how Mexican regulations ensure the security of biometric information and how digital identity can help ensure the security of all involved.  

Mexican regulations and standards 

The Personal Data Protection Act sets forth the fundamental guidelines and principles that organisations must follow when processing personal data. Some of the key elements addressed by The Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) include:   

Privacy Notice

Organisations are required to provide data subjects with a privacy notice detailing how their personal data is collected, used and protected.


The law regulates the creation and administration of databases containing personal information and establishes guidelines for their secure management.

Data Blocking

The LFPDPPP establishes the obligation to block and delete personal data once the purpose for which it was collected has been fulfilled.


The explicit consent of data subjects is required before we collect and process their personal data.

Personal Data and Sensitive Personal Data

The law defines and differentiates personal data from sensitive personal data, which includes sensitive information such as race or ethnic origin, health status, religious beliefs, among others.

Data Transfer

The LFPDPPP establishes that the data subject must be informed of any data communication to third parties in the corresponding privacy notice. Data subjects have the right to accept or reject such a transfer.

Likewise, the Ibero-American Data Protection Network   provides guidance on the implementation of model contractual clauses for the international transfer of personal data. 

Furthermore, the Ministry of Finance and Public Credit   (Secretaría de Hacienda y Crédito Público (SHCP)) regulates and controls the banking sector. The SHCP is responsible for proposing, directing and controlling the financial, fiscal, expenditure, revenue and public debt policies of the Mexican Federal Government. This organisation delegates specific responsibilities to other specialised bodies, the most relevant of which is the CNBV (Mexican National Banking and Securities Commission).  


Compliance and Facephi 

At Facephi, as developers of biometric technology for digital identity verification, we understand that having in-depth knowledge of the regulations and regulatory bodies in force in Mexico ensures full respect for users’  rights.  

Close collaboration and rigorous compliance with these bodies is essential to ensure that the technology solutions we offer are securely integrated and meet the highest legal and security standards. Not only does this prevent potential legal problems and sanctions, but it also reinforces user confidence and contributes to building a robust and secure financial system for all involved.