Organizations and companies of any size must align themselves with the law and identify which practices may be putting them at risk of costly fines.
With the recent news about Cambridge Analytica and the #deleteFacebook campaigns to delete Facebook, protecting people's rights and freedoms in relation to privacy is vital for companies that want to maintain the trust of their customers.
In Colombia, all the deadlines for registering databases with the SIC have expired. However, two questions must still be asked: does your website meet the requirements to guarantee the protection of the information it collects? Are you allowing your users to know, accept and authorize the procedures that have to do with their personal data?
Beyond the database registration, some other obligations were derived from Decree 1377 of 2013 and Law 1581 of 2012, such as the following:
- Safeguard the information collected with good computer practices.
- Explicit authorizations from data subjects to capture private and sensitive personal data
- Personal data processing policy
To be sure of this, it is important to conduct an audit of your digital properties to verify that IT processes and web software are aligned with compliance standards, in order to detect which practices are not up to date and correct them.
The sanctions imposed by the SIC, in addition to being onerous in terms of money, as they can reach up to 2000 SMMLV, can lead to the suspension of activities related to data processing, such as the temporary or permanent closure of e-commerce sites, other types of transactional sites or general information portals that request personal information in exchange for content.
What impact can these standards have on your digital business internationally?
Not only in Colombia but in several Latin American countries, this trend has been adopted, in accordance with what is happening in Europe and the United States, with government demands regarding data protection laws.
If your company does business in the European Union, even marginally, and collects data of any kind, even if it is not corporately based in a European country, you must be mindful of the deadline for compliance with the GDPR standard: only 50 days remain! If you haven't heard about this, it's best to read up on it, because the fines can be equally high. See the European provision: https://www.eugdpr.org/
At SeeD, we are experts in the implementation and development of Drupal. For more than 13 years we have been advancing with the platform, and at this moment we are able to perform a preventive audit on your Drupal site accompanied by the implementation of all alerts, authorizations and internal protection guidelines. We can help your company carry out a verification of the protection measures of your clients' databases in order to avoid unwanted or prohibited uses of your clients' private information and data.
There is a “checklist” that includes the acceptance of cookie management, a thank you banner and links to privacy policy information, but also a series of verifications on the contributed modules and the custom-made ones, which must be done in order to guarantee 360º management of the site and infrastructure, in compliance with Data Protection laws.
- The territorial scope has changed: Colombian law, as well as other international laws such as the European GDPR, applies to all companies that collect personal information from people residing in the European Union, regardless of the geographical location of the company's incorporation. In other words, if your company has an international reach and has a contact or registration form that potentially requests data to access content or online purchases, you must also be complying with international regulations.
- The conditions of acceptance and consent, as well as the digital rights of individuals (right to access, right to be forgotten)
- “Privacy by design” and by default is a fundamental part of international laws, as well as the appointment of a commissioner within the company, which is also part of Colombian requirements.
At SeeD we have formed a strategic alliance with BRAINSUM of Budapest, pioneers in the implementation of the GDPR regulations on Drupal sites and developers of the most widely implemented module for the management of Data Protection regulations with European standards (more than 220 installations). With them we have reviewed and adapted to local regulations and can guarantee full compliance.
Ask us and let us help you bring your Drupal site up to date with these new provisions.
Habeas Data Law