On January 2018, the SIC issued Decree 090 of 2016, which excluded individuals and certain entities that manage databases from the obligation to register their databases in the registry established by the SIC, and extended the term for registering the databases, in those cases where the entities are still required to comply with this obligation. Therefore one of the terms expires on September 30, 2018.

The term that expires in the said date is for companies and non-profit organizations with total assets above 610.000 UVT (COP$20.225.160.000 or approx. USD$6.741.720).

On November 30, 2018 the term will expire for companies and non-profit organizations with assets above 100.000 UVT (COP$3.315.600.000 or approx. USD$1.105.200) and up to 610.000 UVT (COP$20.225.160.000 or approx. USD$6.741.720). Finally on January 31, 2019 the term will expire for public entities.

Within the said registry it will be necessary to register the following information:
Contact information of the data controller
Contact information of the data processor
Means to exercise the rights of data subjects.
Name and purpose of the data base
Way of data handling (manual or automatized)
Data handling policy
Information that is being handled
Security measures
Source of the personal data
Information about international data transfers and/or transmissions
Assignment or national data transfer
Report of news (data subject’s claims and/or security incidents)
Please do not hesitate in contacting us in case you have any inquiries on the matter or require our assistance in this process.