The Superintendency of Industry and Commerce issued the Official Guide for Personal Data Protection Officers (the “Guide”), with the purpose of providing guidelines to data controllers and processors which intend to appoint a Data Protection Officer (“DPO”). Although there are no requirements under Colombian personal data protection regulations for organizations to appoint a DPO, the establishment of this position is considered as a good practice which aims to achieve compliance of the Accountability principle. Thus, the appointment of a DPO entails the deployment of mechanisms aimed at ensuring effective compliance by organizations with their obligations in terms of privacy and personal data protection.
In this regard, the Guide presents suggestions regarding how to proceed when appointing a DPO, as well as the duties that he/she may undertake in order to ensure due compliance with the principles, obligations and provisions set forth under Colombian regulations. Accordingly, an important recommendation to highlight is that of involving the DPO, where possible, in all operations or projects that involve the processing of personal data, from the earliest possible stage, as a privacy by default and by design measure.
Consequently, the Guide is not exclusively a series of recommendations for the DPO, but also an instrument to promote the compliance of data protection regulations.