DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

πŸ‡¨πŸ‡΄ Latin America & Caribbean

Cookie consent in Colombia

Consent and privacy law in Colombia

In short
Colombia's Law 1581 of 2012, with implementing Decree 1377 of 2013, is enforced by the data protection delegate of the SIC. A distinctive feature is the national database registry, the RNBD, where controllers must register their databases of personal data. Consent must be prior, express, and informed, which is closer to the opt-in model, and sensitive data needs explicit consent. The SIC has been an active enforcer, issuing fines for unlawful marketing and data sharing. Privacy policies and notices in Spanish are expected. Cookies that identify users are treated as personal data, and direct marketing requires consent.
Authority
Superintendencia de Industria y Comercio (SIC)
Status

Law 1581 of 2012 with Decree 1377 of 2013, enforced by the SIC

Primary law
Law 1581
Languages

es-419

Who must comply

Any controller or processor handling personal data registered or processed in Colombia.

Penalties

Fines up to around 2,000 monthly minimum wages for serious violations

Key obligations

  • Obtain prior, express and informed consent
  • Register databases with the national registry
  • Provide a clear privacy policy and purposes
  • Honor rights to know, update, rectify and delete
  • Apply security measures and report relevant incidents

Local guidance

  • Register databases in the RNBD with the SIC
  • Use prior, express, and informed consent
  • Provide notices in Spanish
  • Obtain consent for direct marketing

How ConsentX helps

  • Prior, express opt-in consent capture
  • Explicit handling for sensitive categories
  • Rights request intake and workflow
  • Consent receipts and evidence logs
  • Region rule engine tuned for Colombia
Get started free
yoursite.com
πŸ‡¨πŸ‡΄ Colombia

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Colombia using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Colombia.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Colombia requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Colombia audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What is Colombia's RNBD?+

The RNBD is the national database registry where controllers must register their databases of personal data with the SIC. It is a distinctive compliance obligation under Colombian law.

Is consent opt-in in Colombia?+

Yes. Consent must be prior, express, and informed under Law 1581, which is closer to the opt-in model. Sensitive data requires explicit consent.

Governing law

πŸ‡¨πŸ‡΄ Law 1581

Other countries in Latin America & Caribbean

πŸ‡§πŸ‡· BrasilπŸ‡¦πŸ‡· ArgentinaπŸ‡¨πŸ‡± ChileπŸ‡΅πŸ‡ͺ PerΓΊπŸ‡ΊπŸ‡Ύ UruguayπŸ‡ͺπŸ‡¨ Ecuador