New Requirements for Colombia's National Registry of Databases

Camila Lopez, Danilo Romero Raad
Holland & Knight LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Holland & Knight LLP

Leer en Español: Nuevos Requisitos para el Registro Nacional de Bases de Datos en Colombia

Interested parties are reminded that due to Decree 090 of Jan. 18, 2018, legal corporations and nonprofit companies with assets that exceed 610.000 Tax Value Units (TVU), equivalent to approximately $20.225 million Colombian pesos, are required to register their corresponding databases in the Superintendence of Industry and Commerce's (SIC) National Registry of Databases (NRD) before Sept. 30, 2018.

In addition, through External Circular No. 003 of Aug. 1, 2018, the SIC modified the obligations for the responsible management parties, as follows:

  • 1. The general annual update of the information registered in the NRD must be done between Jan. 2 and March 31, 2020
  • 2. The first report of claims presented by holders must be done starting in 2019, with reporting in the second semester the information corresponding to the first semester

Taking the aforementioned into account, the following are the obligations that those responsible for the management of databases must comply with:

  • 1. From Jan. 2 to March 31, 2020: General update of the information registered in the NRD
  • 2. From 2019, during the first 15 labor days of February and August: Update the information related to holders' complaints
  • 3. During the first 10 labor days of each month: If the databases registered in the NRD had significant changes

A change is considered significant when it is related to: 1) the database purpose, 2) the person in charge of the treatment, 3) service channels for holders of the information, 4) the classification or type of personal data that is stored, 5) the security measures implemented by the company, 6) the privacy policy and 7) the international transmission and/or transference of personal data.

  • 4. Finally, interested parties are reminded that it is an obligation to inform the NRD of any security incident during the 15 labor days following the detection of this incident.

Those responsible for the management of databases that are not required to register them in the NRD must also report any security incidents within 15 labor days.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Holland & Knight LLP | Attorney Advertising

Written by:

Holland & Knight LLP
Holland & Knight LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Holland & Knight LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide