Foreign Non-Profit Organizations
There are 5 main obligations:
Section 2.3 from Chapter V of the Legal Circular issued by the Superintendence of Industry and Commerce, establishes that every year between January 2nd and March 31st updates to the National Data Base Registry must be performed.
The mentioned updates must include any change that the data base has suffered within the previous year, i.e., if the number of data subjects included in the data base changed, if there was any change on the corporate name of the data controller, among others.
Please note that substantial changes, such as those related with the purposes to handle data, the data processor, the attention lines, classification and types of personal data, and international data transfers and transmissions, must be reported within the first 10 business days of the month in which the changes took place.
If by the time of the annual update there are any substantial changes that have not been registered those should be registered at the annual update.
Please note that when a new data base is created, it must be registered within the National Data Base Registry within the following two (2) months in which it was created.
Also, it is necessary to perform the corresponding report of claims presented by data subjects in the previous semester; such report must be performed at the National Data Base Registry and shall be complemented every semester during the first fifteen (15) business days of February and August; therefore for year 2024 the first report on claims (positive or negative) presented by data subjects must be filed no later than on February 21st 2024 in which the claims performed by data subjects during the previous semester (July to December 2023) must be reported. Also, note that the second report of claims performed by data subject, must be filed on the first fifteen (15) business days of August and therefore this year it must be performed no later than on August 23rd, 2024 (in this case it is necessary to report the claims received from January to June 2024).
At last, it is important to remind you that the companies that must comply with the registry obligation are those with assets of more than 100.000 UVT (for 2024 COP $4.706.500.000), approx. USD$1.176.625). However, all the entities that perform any data handling activity (i.e. collect, use, storage) must comply with all of the other obligations established in the data protection regulation.
Foreign Non-Profit Entities with permanent business in Colombia, which are under the supervision of the Superintendence of Companies, must implement a PTEE to identify and assess the risks of Corruption and Transnational Bribery, no later than August 31, 2024.
Foreign Non-Profit Entities with permanent business in Colombia, which are under the supervision of the Superintendence of Companies a SAGRILAFT no later than August 31, 2024.
4.1 ROS:Entities obliged to implement SAGRILAFT and/or Minimum Measures Regime, in whose operation a Suspicious Transaction materializes, must submit a Suspicious Transaction Report to the UIAF immediately after becoming aware of it.
4.2 AROS: The entities obliged to implement SAGRILAFT and/or Minimum Measures Regime in whose operation a Suspicious Transaction has not materialized, must submit to the UIAF, a Suspicious Transaction Absence Report, within the first 10 calendar days of the months of January, April, July and October.
The SAGRILAFT and PTEE Compliance Officer, shall submit for approval of the Board of Directors, a report on his/her management during the year 2023, which shall refer, at least, to the following aspects:
5.1 Evaluation and analysis of the efficiency and effectiveness of the system and, if applicable, propose the respective improvements.
5.2 They must reflect the results of the management of the compliance officer and of the company’s administration in the compliance with the implemented prevention system.
5.3 Number of unusual operations detected.
5.4 Number of suspicious operation reports.
5.5 Number of Absence of Suspicious Operations Reports (AROS) sent to the UIAF.
5.6 Complaints or internal investigations.
5.7 Training carried out.