The Colombian data protection authority (SIC) has issued its ‘Colombian Accountability Guidelines’ (Guidelines) which aim to help companies understand and better comply with the country’s Data Protection Regulation that came into force in 2012. 

The Guidelines are the first of their kind in South America. They focus on how companies are able to demonstrate that they are complying with Colombia’s data protection law, for example being able to set out the information security measures taken by that company in respect of the data it holds.

The SIC also hopes that the Guidelines will reduce complaints to its relatively small office by fostering greater engagement between it and data controllers, encouraging the implementation of training and proper processes rather than risk enforcement fines.  Already this year the SIC has issued USD 651,000 of enforcement fines.

A copy of the Guidelines is available here.

What action could be taken to manage risks that may arise from this development?

Where companies process data in Colombia they should ensure that they comply with the Guidelines.