National Database Registry

What is the National Database Registry?

The National Database Registry (RNBD) is the public directory of databases subject to processing that operate in the country. It is managed by the Superintendence of Industry and Commerce (SIC) and is freely accessible to citizens.

What is a Database?

A database is an organized collection of personal data used for recording and managing such data, whether in a physical medium (a physical file) or an electronic medium (spreadsheets, text documents, etc.), regardless of the amount of personal data it contains. In other words, a database is any organized collection of personal data subject to processing, such as lists of employees, customers, suppliers, students, patients, etc., which serve a specific purpose for the company.

Mandatory Database Registration.

Any medium or large company operating in Colombia, as a data controller, must comply with the obligation to register its databases, as defined in Decrees 886 of 2014, 1074 of 2015, 1759 of 2016, and 90 of 2018. This means that all medium or large companies are required to register their databases with the RNBD and implement the provisions of the personal data protection law.

Additionally, it is important to remember that this registration (National Database Registry) must be updated before March 31 of each year, as a mandatory requirement.

Sanctions.

It is important to note that failure to comply with the provisions of Article 23 of Law 1581 of 2012 may result in the Superintendence of Industry and Commerce imposing the following sanctions on companies:

  • Fines of a personal and institutional nature of up to two thousand (2,000) current legal monthly minimum wages at the time the sanction is imposed. Fines may be imposed successively as long as non-compliance persists.
  • Suspension of related activities for up to six (6) months.
  • Temporary or permanent closure of operations.

Registration Process.

The information that must be registered with the Superintendence of Industry and Commerce includes the following:

  • The type of information stored in the databases (classified according to the nature of the data).
  • The security measures implemented by the company to protect the information stored in the databases.
  • How the information was obtained and the prior authorization for its processing.
  • The international transfer or transmission of personal data.
  • The national transfer or assignment of the database.
  • Claims submitted by data subjects and security incidents that have occurred in the company.

Our Advisory Services.

To ensure compliance with the obligation to register your databases, our lawyers will:

  • Determine the nature of the information contained in your databases.
  • Prepare the general [Standard] policy for personal data processing (which is necessary for registration).
  • Create a [Standard] access control format for your company.
  • Properly register all your databases, including clients, suppliers, employees, etc., so that your company receives a registration certificate issued by the SIC system.