Employee Data Privacy

Colombia - Employee Access Rights

 Download as a PDF

Do individuals have the right to access their personal information? 

joshua-newton-210070Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.

Information Processing Policy

In Colombia, employers are required to maintain an information processing policy that is accessible to employees in paper or electronic form. The policy should include:

  • contact information for the employer;
  • the purpose(s) for processing personal data if not disclosed in a data processing notice;
  • employees’ rights with respect to their personal data;
  • contact information for the person or department responsible for responding to requests to exercise rights, inquiries and complaints about data processing;
  • procedures for responding to employee requests to exercise rights relating to data processing;
  • an effective date.

Material changes in the policy must be promptly communicated to employees.

kari-shea-193649Employee Access Requests

Employees and other individuals are entitled to request access to their personal data, free of charge, monthly or after a material change to the employer’s information processing policies. When an employer receives a personal information request from the employee, the employer must respond within 10 business days. When it’s not possible to provide this information in 10 days, employees must be informed of the reason for the delay within 5 business days.

Employees also have the right to request that inaccurate information is updated, corrected or deleted. Employees and other data subjects may file a complaint with the employer or send it through the appropriate unit designated by the employer (i.e., the data controller). Note that employers do not need to comply with deletion or revocation requests when there is a legal or contractual duty to retain the personal data.

Requests for correction/update/deletion should be handled within 15 business days. If there is an unavoidable delay, the individual must be informed of the reason for the delay, and changes (if any) must be made within 8 business days after the end of the original 15 day period.


HR Best Practices: Inform employees, job applicants and other individuals of their rights relating to their personal data. When receiving employee personal data access requests, ensure procedures are in place to enable a timely response within the required period.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk