Today is the deadline to report security incidents to the RNBD

Since the issuance of Law 1581 of 2012 in Colombia, the National Registry of Databases (hereinafter the "RNBD" or the "Registry") was created as a directory of personal databases susceptible of processing by entities of a public or private nature.

In this regard, the Sole Regulatory Decree of the Commerce, Industry and Tourism Sector provides that all companies and non-profit entities with total assets exceeding 100,000 UVT [1], as well as all legal entities of a public nature, regardless of their assets, are required to register their databases in the aforementioned Registry and to make the relevant updates and reports.

In accordance with the above, the Superintendence of Industry and Commerce (hereinafter the "SIC"), as administrator of the RNBD, has established, among other obligations, that the obligated entities must report the claims that the owners of personal data have made in the last six months.

In this regard, the obligated entities must take into account the following:

  1. Reporting is done directly on the RNBD platform.
  2. The consolidated claims filed during the last six months of the year (January to June and July to December) must be reported.
  3. If no claims have been filed, the entity must report it.
  4. The deadline for reporting is within the first 15 working days of February and August of each year (for the current period the deadline is today, August 23).

    5. The SIC has sanctioning powers for non-compliance with the obligations related to the RNBD.

[1] Equivalent to $3,630,800,000 for the year 2021.

Document

Hoy-vence-reporte-de-novedades-por-incidentes-de-seguridad-al-RNBD_​ENG.pdf

Want to know more?