Adaptation and Audit of Personal Data Protection Colombia
(Law 1581 of 2012)

Habeas Data is a constitutional right in Colombia, but it is Law 1581 that develops and regulates this right, and it is in this law where all the rights, duties, and procedures that companies must follow are established.

Article 15 of the Political Constitution of Colombia states: “All persons have the right to their personal and family privacy and to their good name, and the State must respect them and ensure that they are respected. Likewise, they have the right to know, update, and rectify the information that has been collected about them in databases and files of public and private entities. In the collection, processing, and circulation of data, freedom and other guarantees enshrined in the Constitution shall be respected…

In today’s digital era, data protection is not only a legal obligation but also a fundamental pillar for your customers’ trust and your company’s reputation. Compliance with Law 1581 of 2012 in Colombia is an unavoidable requirement for any organization that handles personal data. Ignoring it may lead to penalties of up to 2,000 legal monthly minimum wages (SMMLV) and irreparable damage to your corporate image.

What are my main obligations as a company under this law?

You are responsible when you decide on the collection and use of the data.

  • Obtain prior, express, and informed authorization from the data subject.
  • Inform the data subject.
  • Guarantee the rights of the data subject.
  • Keep evidence of the authorization granted by the data subject.
  • Adopt administrative, technical, and legal security measures to protect the data against loss, unauthorized access, or fraud.
  • Register the databases in the RNBD (National Registry of Databases) of the SIC.
  • Report security incidents affecting personal data to the SIC.
  • Update the information reported to the RNBD and keep it current.
  • Comply with the principles of the law.

How can we help you comply with the regulation?

Our consultants, with certifications in Information Security and specialized training in Personal Data Protection (CISM, CISA, ISO 27001 L.A., CISSP, CDPP, etc.), will apply best practices in the processing of personal data in your organization. They will guide you through the process, carrying out professional consulting for regulatory compliance from legal, technical, and organizational perspectives, collaborating in the implementation of IT tools (ISO 27001 controls) to protect data in terms of integrity, confidentiality, and availability.

 

Service benefits

Our consultants will independently evaluate the guiding principles for the processing of personal data to determine the organization’s level of compliance with Law 1581 in a comprehensive way, both internally and in its relationship with each and every third party with whom it establishes links in the roles that correspond to them (data subjects and data processors of the personal data bank, and third parties providing services).

Habeas Data Adaptation Process

The overall Adaptation Process will include consulting activities that help achieve legal compliance in the following work steps:

Phase I: Project Launch

Kick-off meeting and identification of the project team.

Phase II: Current Situation Analysis

Interviews, questionnaires, and a detailed analysis of documentation, inventories, associated processes, systems, procedures, and review of compliance with applicable regulations will be carried out.

 

Phase III: Situation Report and Actions

Report on the technical and legal considerations necessary to avoid the activities and circumstances that cause the company’s non-compliance with the regulations on the protection of personal data.

 

Phase IV: Actions before the RNBD

Registration of the personal databases of the operators and administrators of these databases before the National Data Protection Authority.

Phase V: Meeting prior to the Audit Phase

Working session with the project coordinator in order to review the draft legal and technical report.

Phase VI: Audit

An audit will be carried out in accordance with international requirements to verify proper compliance with the security requirements contemplated in the national regulations, based on the information contained in the databases.

Phase VII: Delivery of Report and Training

Delivery of the Audit Report and the option of training for the designated staff.

 

Results

As a result, an Adaptation Report and an Action Plan of measures to be implemented will be obtained.

What Our Clients Say


At Grupo AR, we highly value the brand protection service provided by Internet Security Auditors for its comprehensive and proactive approach. Their highly qualified team enables us to identify and mitigate risks that could affect the AR Construcciones brand and its different companies. Many thanks for your support!
Nestor Ivan Melo Ballen
Director of Cybersecurity
Grupo AR
As CEO of Beruby, we worked with Internet Security Auditors when we urgently needed to complete a PCI DSS Attestation of Compliance. The entire process was extremely fast, efficient, and professional. Their team provided us with excellent support, demonstrating strong technical expertise and a high level of commitment. Without a doubt, we recommend their services to any company in need of cybersecurity solutions.
Miguel Acosta
Global CEO
Beruby
At Grupo Arbulu, we have worked closely with Internet Security Auditors on the implementation of advanced cybersecurity measures. Thanks to their expertise, we have significantly strengthened our ability to detect and mitigate cyber risks. Their thorough audits and tailored solutions have reinforced our security infrastructure, ensuring the protection of our data and the continuity of our operations.
Marcos Montes de Oca
CIO
Grupo Arbulu
As CISO at Intaremit S.A., the importance we place on logical security is extremely high. Not only because the PCI‑CPP standard requires us to perform four internal and external vulnerability scans and an annual internal and external penetration test, but also because of the security and peace of mind our company aims to provide to each and every one of our customers.We have been working and collaborating with IsecAuditors for more than 10 years thanks to their experience, commitment, and close support, and I therefore recommend them without hesitation.
Sergio Sainz de la Maza
CISO
Intaremit S.A.
As CFO of Fleurop – Interflora Spain, we have been working with Internet Security Auditors for years in the areas of consulting and GDPR compliance. As Interflora is a company fully oriented toward online commerce, the professional services provided by ISEC Auditors give us the support, security, and peace of mind that all our activities remain aligned with GDPR requirements.
Francisco Tébar Prada
CFO Southern Europe (Spain, Italy, Portugal and Romania)
Fleurop - Interflora España
As CFO of Saint Louis University – Madrid Campus, I have had the opportunity to work with Internet Security Auditors, S.L. They have been an indispensable partner in implementing the requirements established by GDPR: preparing the record of processing activities, developing privacy policies, drafting the necessary data‑protection agreements with our service providers, and complementing all of this with thorough training for our staff—an essential element to ensure full compliance with the law. I would like to highlight their availability to address questions and their ability to translate the legal framework into concrete and understandable actions. Their periodic internal audits are efficient and allow us to stay up to date, correcting any deviations in a timely manner.I highly recommend Internet Security Auditors, S.L. to anyone seeking a successful implementation and ongoing oversight of personal data protection within their organization. 
Victoria Villarreal Palazón
Vice-Rector & Associate Vice President Chief Financial Officer
Saint Louis University, Spain
Working with Internet Security Auditors has been a positive experience in every respect. Their team combines strong technical expertise with a great willingness to collaborate, which has strengthened our security posture and regulatory compliance.
Andres Mejia
Head of GRC
PAYVÁLIDA
On behalf of Outsourcing SAS BIC, we would like to express our sincere appreciation for the commitment, professionalism, and dedication demonstrated throughout the implementation of the PCI DSS compliance project in our call center. Thanks to your expertise and guidance at every stage of the process, we were able to establish a secure environment that meets the industry’s most demanding payment‑security requirements, significantly strengthening our security controls and data‑protection practices. We especially value your team’s willingness to provide clear solutions, effective training, and smooth communication, all of which were key to achieving our objectives on time and with full confidence.
Yulian Colmenares
Information Security Officer
OUTSOURCNG SAS BIC
Working with Internet Security Auditors has been a highly satisfactory experience. Their support throughout our migration to the ISO/IEC 27001:2022 standard, the execution of internal audits, and the PCI DSS certification process has been essential in strengthening our information security management system. We especially value the professionalism and interpersonal skills of their team, which have made this collaboration a relationship of trust and great value for Neurona.
Ricardo Andrés Cárdenas Galvis
Information Security and Continuity Officer
Neurona
The strategic support provided by Internet Security Auditors as our CISOaaS has been essential in strengthening our internal team. Their expertise perfectly complements the work of our CISO and has enabled us to accelerate the maturity of our cybersecurity program.
CISO
RACC

Do not hesitate to contact us if you need more information

Send us your questions and we will get in touch with you as soon as possible.
CAPTCHA