SIC conditions prohibition to transfer personal data. 

The Superintendence of Industry and Commerce (“SIC”), Colombian data protection authority, through Directive 005 of August 10, 2017, referred to conditions that shall be followed when transferring personal data without data subjects’ consent. To this end, the SIC established criteria for determining when a country offers an adequate level of personal data protection, and conditions that should be taken into consideration in international flows of personal data. The foregoing, in connection with article 26 of Law 1581 of 2012 and decision C-748 of 2011 by the Colombian Constitutional Court. 

The SIC also established a list of 36 countries with an adequate level of personal data protection. Among them are the United States of America, United Kingdom, Peru, Mexico and member countries of the European Union. 

The Directive was subject to an extensive debate in both the public and private sectors, mainly due to the complexities that its implementation imply in the context of the increasing contracting of cloud and information processing services. 

Note: the information included herein has been prepared for general informational purposes only and is not intended to be legal advice.

For more information, please contact us at equipoTMT@bu.com.co.