Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Colombia: SIC fines Cúcuta Chamber of Commerce COP 90M for data protection violations on its website
The Colombian data protection authority ('SIC') published, on 28 June 2021, Resolution No. 39504 of 2021, in which it imposed a fine of COP 90,770,000 (approx. €20,420) to the Chamber of Commerce of Cúcuta, for failing to process personal data in line with the obligations set out under Articles 17(b), 4(c), and 9 of the Statutory Law 1581 of 2012 (October 2017) Which issues General Provisons for the Protection of Personal Data ('the Data Protection Law'), and Articles 2.2.2.25.2.2 and 2.2.2.25.2.3 of the Decree No. 1074 of 2015.
Background to the case
In particular, the SIC stated that it sent a letter, on 8 July 2020, to the Chamber of Commerce of Cúcuta asking it to provide information on the processing of personal data through its website, risks associated with the processing, and whether a Privacy Impact Assessment was conducted, among other things.
Findings of the SIC
The SIC stated that it found that the Chamber of Commerce of Cúcuta had violated Articles 17(b), 4(c), and 9 of the Data Protection Law, and Articles 2.2.2.25.2.2 and 2.2.2.25.2.3 of Decree No. 1074 of 2015 by failing, on its website, to obtain consent to process personal data, to provide information to data subjects about the purpose of data collection and the type of processing of their personal data, to provide information on how data subjects can exercise their rights, and to provide information on how long the personal data would be retained, among other things.
Outcome
The SIC stated that it had imposed a fine of COP 90,770,000 (approx. €20,420) and gave orders to ensure compliance with the law.
You can read the decision, only available in Spanish, here.