Colombia

Colombia's privacy protection laws and regulations are as follows:

● Law 1581 of 2012: This law was promulgated on 17 October 2012 and establishes general provisions for the protection of personal data. It constitutes the general framework for the protection of personal data in Colombia and implements the constitutional right of Colombians to the protection of their personal data.

● Decree 1377 of 2013: The Decree was issued on June 27, 2013, and it provides more detailed regulations based on the contents of Law No. 1581 of 2012, further refining and regulating the requirements of such law.

● Law 1266 of 2008: This law was enacted on 31 December 2008 and regulates the processing of information in personal databases, in particular financial, credit, commercial, services and information from third countries.

● Law 2157 of 2021: The Law was enacted on October 29, 2021, and its purpose is to amend and supplement Law No. 1266 of 2008 in order to strengthen the protection of the types of personal data above-mentioned.

● The Guide for the Implementation of the Demonstrated Responsibility Principle in International Transfer of Personal Data: The Guidelines were issued by Colombian Data Protection Authority (Superintendence of Industry and Commerce), and recommend measures for the transfer of personal data from Colombia to other countries to ensure the security of personal data during cross-border transfers. However, the recommendations made in this Guide are not mandatory and do not constitute legal requirements, but only provide guidance for relevant parties to comply with Colombia's personal data protection requirements.

HUAWEI Cloud Colombia Privacy Compliance Instruction shares Huawei Cloud's experience and best practices in privacy protection with you to help you meet the compliance requirements of Colombia privacy law.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.