Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.
Data transfers typically include the following examples:
Under Colombia’s data protection law (Law 1581 of 2012), personal data may only be transferred to countries which provide at least the same level of data protection as Colombia. Data can also be transferred to other countries (which don’t necessarily provide the same level of protection) in certain cases, including when:
Certain countries have been deemed to have an adequate level of protection, including countries in the EU, countries declared as having adequate protection by the European Commission, and the United States.
Data can also be transferred internationally to a third party for the purpose of processing data on behalf of the employer. In this case, the third party must contractually agree to apply the same data protection and security obligations as the employer. The agreement must include the:
HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. Personal data should only be transferred when an adequate level of protection is ensured.