Treatment of Personal Data
Our experience
Our firm is responsible for preparing a document structure that allows the subject to be forced to carry out a proper processing of personal data and comply with the guidelines issued by the Superintendence of Industry and Commerce.
Main services in processing of personal data
1. Diagnosis and Evaluation of Data
- Sessions diagnosis with each of the departments of the controller and/or in charge of data processing.
- Identification of points of data collection, and appropriate measures for their management.
2. Management of Inventory and Registration of Databases
- Preparation of an inventory of databases amenable to treatment.
- Management of the registration in the National Registry Database in compliance with legal requirements.
3. Implementation of a System of Operational Risk
- Development of a risk management system operational oriented to mitigate risks arising from the processing of personal data.
4. Security policies and Control
- Development of a General Policy of Information Security and a Security Protocol.
- Drafting privacy notices and authorizations aligned with the regulations in force.
- Review, preparation and update of the Policy on the Processing of Data.
5. Attention to Owners of Data
- Answering queries and requirements on the part of the holders of information.
- Development and documentation of key processes in the registration, update, and renewal of databases.
6. Year of Specialized Functions
- Acting as Official Data, overseeing regulatory compliance and risk mitigation.
- Periodic audits and submission of reports intended to assess and monitor the compliance of controls
What is the Processing of Personal Data?
The processing of personal data refers to any operation or set of operations which is performed on personal data, such as the collection, storage, use, circulation or deletion of such data, with the aim to protect the privacy and the rights of the people.
What are Personal Data?
Personal data is any information that allows identifying or making identifiable to a person. These may include the name, identification number, address, email address, telephone number, biometric data, among others.
Required:
All legal persons are obliged to ensure the appropriate management of personal data collected through the implementation of a Policy of Processing of Personal Data. In addition, they should ensure that they obtain the express consent of the persons whose data will be object of treatment
What is the National Register of Databases?
The National Register of Databases is a public directory to be administered by the Superintendence of Industry and Commerce, whose purpose is to centralize the information of the foundations of personal data, which are under treatment in the country, ensuring its transparency and facilitating your query.
Required:
Companies and non-profit entities that have total assets in excess of 100,000 Units of Value Tax (UVT) and legal Persons of a public nature.
Applicable Regulations
Penalties
Up to 2,000 MONTHLY