MyData-TRUST
Colombia
Law 1581 of 2012
Align with Colombia’s personal data protection framework under Law 1581.
Colombia’s Law 1581 governs the collection and processing of personal data in both the public and private sector and enshrines the individual constitutional rights to privacy.

Key Requirements:

• Informed, express, and prior consent for data processing
• Provide Privacy Notice
    • Registration of databases in the National Database Registry (RNBD) - If applicable
    • Rights to access, update, correct, and revoke data
• Set up required security measures
• Appoint a DPO (recommended by Colombian DPA)

Our Experts Are Here To Help You!

Ensure your compliance with Colombian laws on personal data protection

How MyData-TRUST Can Support You

• DPO services (Data Breaches, Data Subject requests)
• Implementation of internal privacy frameworks
• Risk assessments and data lifecycle audits

Why Compliance Matters for Life Sciences

• ⚖️ Legal requirement for processing personal data in Colombia
• 🔬 Sensitive health and clinical data require special handling
• 🔒 Non-compliance may result in reputational and financial risk
• 🌐 Ensures readiness for global research partnerships

Why Choose MyData-TRUST?

• ✅ Specialized in Life Sciences data privacy
• 🌎 Experience with LATAM regulations and global standards
• 🔬 Sector knowledge in biotech, CROs, and health research
• 🔐 Trusted compliance partner in 40+ countries

Frequently asked questions

In case your company is in Colombia and meet one of the following criteria, Yes:
• Companies or nonprofit entities that have total assets valued above 100,000 Tax Value Units (TVU). 1 UVT = COP 47,065 for 2024 (this value changes every year) equivalent approx. to USD 1,078,000.
• Legal persons of public nature.

If your company is based out of Colombia territory, but it is Sponsoring a processing activity carried out in Colombia this has to be assessed case by case.
The personal data of minors are subject to special protection, and therefore their processing is prohibited, except when it involves public data, in accordance with the provisions of Article 7 of Law 1581 of 2012, and when such processing meets the following parameters and requirements:
• It must respond to and respect the best interests of children and adolescents.
• It must ensure respect for their fundamental rights.
• Once the above requirements have been met, the legal representative of the child or adolescent will grant authorization prior to the minor exercising their right to be heard. This opinion will be assessed considering their maturity, autonomy, and ability to understand the matter. All responsible parties and those in charge involved in the processing of the personal data of children and adolescents must ensure their proper use. To this end, the principles and obligations established in Law 1581 of 2012 and its regulatory decree must be applied.
• Information for which the Data Subject has expressly and unambiguously authorized the transfer.
• Inform and guarantee the exercise of the rights of the Data Subjects.
• Process inquiries, requests, and complaints.
• Use only personal data that has been obtained through authorization, unless otherwise required.
• Respect the security and privacy conditions of the Data Subject's information.
• Comply with the instructions and requirements issued by the competent administrative authority.
Need more information about MyData-TRUST? Get in touch with our experts.

MyData-TRUST offers global coverage

Overview of other regional regulations

flag-usa

U.S.A – State Privacy Laws

Read more

flag-singapore

Singapore – PDPA

Read more

flag-south-korea

South Korea – PIPA & PIPA-ED

Read more

Powered by MyData-TRUST

Want to subscribe to our newsletter ?

Name(Required)
Privacy(Required)