For the fulfillment of the contractual object of many agreements that companies commonly enter during the ordinary course of their business, such as a provision of a specific service with a technology provider or a provider of communication services or health services, it is necessary for both the contracting party and the contractor to repeatedly access to personal information found in the other party's databases.
In the context where both contracting parties must share between them the totality or some parts of their databases, it is important to identify them with any of the personal data flow figures that the Colombian legal framework provides regarding the protection of personal data. Thus, it is important that companies get used to identifying whether the personal data flow they are performing, according to the nature and purpose of the business relationship, corresponds to a transmission or transfer of personal data. This because depending on which is the most appropriate figure for each case, the parties may regulate their obligations and levels of compliance in accordance with the duties which brings Law 1581 of 2012 on the role of a Controller and/or a Processor.
After identifying which figure clearly draws the most coherent and clear data flow inherent to the contractual object between the parties (transfer and/or transmission), it is important to include within the provisions of the agreement or the framework that governs the relationship, a clause referring to said flow. This clause must expressly indicate the following elements:
- Under which role, derived from the definitions of Law 1581 of 2021 are the contractual parties acting. That is, if they act as a Controller, which means they are the owner and can make decisions on the Processing of their databases or as a Processors who only processes part or all of a personal database under the instructions of a Controller.
- The purposes for which the flow of personal data that is intended to regulate is carried out.
- The scope and limitations of the transfer and/or transmission in terms of mode, time, and place.
- In case of transmission, corroborate the need or not of entering an international transmission agreement.
- Establish measures and obligations regarding custody and security of personal information.
- Among others.
The importance of this type of clauses to regulate the flow of personal information lies in the fact that they generate clarity between the parties regarding the fulfillment of the parallel obligations concerning protection of personal data that arise under the performance of the main contractual object. This are not of less importance since ultimately the parties have duties towards our regulatory framework specialized in personal data, which if not regulated for easier compliance between the parties could lead to fines, complaints and/or investigations against the qualities of the Controller and/or Processor.
If you require more information, do not hesitate to contact us.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.