On March 26, 2019 Law 81 was approved which establishes the principles, rights, obligations and procedures that regulate Personal Data Protection; it will come into effect as of 2021.
Said Law includes and develops the ARCO Rights (Right of Access, Modification, Cancellation, Opposition and Portability), and will be supervised by the National Authority of Transparency and Access to Information (ANTAI) with the support of the National Authority for Government Innovation (AIG).
This Law was established with the purpose of safeguarding and guaranteeing the fundamental right of personal data protection, with rules regarding its treatment and transfer, which are collected by natural persons and legal entities, be they public or private entities.
The concepts set forth in this Law respond to the evolution and development that have occurred from a legal perspective, as a result of the new trends in the market, such as the automatization of internal processes, information storage, interoperability, the application of artificial intelligence, and the digital treatment of information, for which there was no legislation.
The Law aims to provide data subjects with a legal instrument of protection and defense, related to the use of their personal data, which will complement the regulations in areas of close and related competence such as commercial law, criminal law, procedural law, family law, the rules of transparency, public health and any other legislation that requires the treatment and storage of personal data.
Additionally, it imposes sanctions from one thousand dollars ($1,000.00) to ten thousand dollars ($10,000.00) to those responsible of inadequate treatment of a subject’s personal data, as well as the custodian of the databases that, due to an investigation, are deemed responsible of violating the rights of a subject’s personal data protections.
We have included a copy of Law (in spanish) in the following link.
For more information regarding this Law, you can contact Beatriz Cabal at email@example.com