Data Protection in Colombia: Sanctions, NEW SIC Rules and the Impact of Artificial Intelligence

Data Strategy, Security & Privacy attorney Danilo Romero was quoted in Revista Dinero emphasizing that the ramp-up in Colombia's data protection enforcement regime requires companies to adopt a proactive approach to compliance, particularly in high‑risk sectors such as telecommunications, finance, technological platforms and healthcare. Amid a 22 percent rise in Accountability Report of the Superintendence of Industry and Commerce (SIC) sanctions in 2024 and new guidance on artificial intelligence (AI), biometrics, directors' duties, financial technology (FinTech) consent and web scraping, Mr. Romero stressed that many complaints stem from poor response to claims. He recommended robust, end-to-end personal data governance programs to minimize legal risk and reinforce user trust as Colombia advances bills and laws on AI and sensitive data.

"It is essential to bear in mind that many of the complaints or denunciations received by entities such as the SIC or the Superfinanciera in terms of personal data protection have their origin in an inadequate handling of initial claims by companies," he said. "For this reason, in addition to rigorously complying with the current legal regime, we recommend adopting a preventive approach through the implementation of comprehensive programs for the management of solid personal data, which minimize risks and strengthen the trust of the holders."

READ: Data Protection in Colombia: Sanctions, NEW SIC Rules and the Impact of Artificial Intelligence