Mexico

Currently there is no legal provision that makes it mandatory to have a data protection impact assessment or audit to verify compliance with the regulation. However, the law entitles Mexican DPA to conduct visits of inspection ex officio to verify the compliance with the data privacy Regulation by data controllers.
Likewise, since the law makes it mandatory for any data transfer to execute an agreement in virtue of which the data processor /vendor is obliged in the same terms than the data controller, and considering as well that the principle of Responsibility obliges the data controller to adopt all administrative, physical and technological measures to safeguard any PI under its control, as if it were its own information, a data protection impact assessment or audit should be expected from any data controller and processor.