Colombia has a data protection law known as the Personal Data Protection Statute (PDPS) which was enacted in 2012. The PDPS is based on the European Union’s General Data Protection Regulation (GDPR) and aims to protect the fundamental right to privacy of individuals by regulating the processing of personal data.
Under the PDPS, personal data is defined as any information related to an identified or identifiable natural person. This includes data such as name, address, identification numbers, financial information, health information, and other personal information.
The PDPS requires that companies and organizations obtain the consent of individuals before collecting, using, or processing their personal data. The consent must be informed, express, and prior to the processing of the data. Additionally, companies must inform individuals about the purpose and scope of the processing of their personal data, as well as the rights that they have to access, rectify, and delete their data.
Companies must also implement technical and organizational measures to ensure the security of personal data and prevent its unauthorized access, alteration, or loss. The PDPS requires companies to notify the Colombian Data Protection Authority (DPA) of any data breaches that may affect the rights of individuals.
Individuals have the right to file complaints with the DPA if they believe that their personal data has been mishandled. The DPA has the power to impose fines and sanctions on companies and organizations that violate the PDPS.
In summary, the PDPS in Colombia aims to protect the privacy and personal data of individuals by regulating the processing of personal data by companies and organizations. The law requires companies to obtain informed and express consent, implement security measures, and notify the DPA of any data breaches. It also provides individuals with the right to access, rectify, and delete their personal data, as well as file complaints with the DPA.