NATIONAL DATA BASE REGISTRY (NDBR)
On November 2016, the SIC issued Decree 1759 of 2016, and extended the term in which private legal entities and mixed economy companies registered within the chamber of commerce should perform the registry of their data bases within the National Data Base Registry (NDBR), the term will expire on June 30, 2017.
Please be reminded that in order to comply with the regulation, it will be important that the company performs a review of the inventory of data bases, and of the compliance with data protection regulation.
Within the NDBR it will be necessary to register the following information:
- Contact information of the data controller.
- Contact information of the data processor.
- Means to exercise the rights of data subjects.
- Name and purpose of the data base.
- Way of data handling (manual or automatized)
- Data handling policy
- Information that is being handled.
- Security measures (the NDBR includes specific questions on the matter)
- Source of the personal data
- Information about international data transfers and/or transmissions
- Assignment or national data transfer.
- Report of news (data subject’s claims and/or security incidents)
Please do not hesitate in contacting us in case you have any inquiries on the matter or require our assistance in this process.