Just one day after an official of the Superintendency of Industry and Commerce (SIC) announced that Colombia’s new data protection law would come into force within the coming weeks, on October 17 the law received the necessary sanción from the administration of President Juan Manuel Santos.  With that action, Colombia became the latest in a string of Spanish-speaking countries to enact a comprehensive data protection law. 

As we reported previously, Colombia’s new law was initially adopted by the Colombian Congress in December 2010.  The law follows an EU-based approach — including, among other provisions, restrictions on cross-border data transfers based upon the “adequacy” of the destination country’s laws, as well as requirements for express consent as a pre-condition to processing of personal data.  We expect that as a next step the new data protection authority within the SIC will develop implementing regulations (also known as secondary legislation).