If you’re running a clinic in Colombia and a vendor told you that you “have to register your database with the SIC before you can use a bot,” pause. The short answer surprises most people — and it’s good news for small businesses.
What is the database registry (RNBD)?
The Registro Nacional de Bases de Datos (RNBD) is a public inventory run by the Superintendencia de Industria y Comercio (SIC), Colombia’s data-protection authority. Certain companies are required to list the personal databases they manage in it. Think of it as a filing requirement — separate from the obligation to handle data properly in the first place.
Does my business need to register?
Probably not, if you’re a small business. The SIC sets thresholds (based on company size and assets) below which many micro and small businesses are exempt from listing their databases in the RNBD. The only correct way to confirm your situation is to check the current criteria with the SIC or an advisor — but for most small clinics, the registry doesn’t apply.
The mistake almost everyone makes
Here’s the nuance you need to get right:
Being exempt from the registry does NOT mean you’re exempt from the law.
Even if you never file your database in the RNBD, you’re still fully bound by Ley 1581 to:
- Collect prior, express and informed consent before processing data.
- Publish a privacy notice.
- Offer a channel for people to access, update, correct or delete their data.
| The RNBD (registry) | Ley 1581 (compliance) | |
|---|---|---|
| Applies to small businesses? | Often not (exemption) | Always |
| What it is | Filing your database with the SIC | Handling data lawfully |
| If you skip it | Possible sanction if you were required to file | Risk even when you’re exempt from the registry |
The trap, especially for foreign owners, is treating “I’m exempt” as “I’m done.” The exemption only removes a piece of paperwork — it removes none of your actual obligations.
So what should you actually do?
Two things, in order of importance:
- Comply with Ley 1581, always: consent + privacy notice + a rights channel. This is not optional for anyone, of any size.
- Check whether the RNBD applies to you: review the SIC’s thresholds for your company size; if you’re required, file.
If you’re new to Colombian data law, start with the basics in is it legal to automate WhatsApp in Colombia — it explains how Ley 1581 compares to GDPR and US rules, so the obligations above make sense in context.
How does Brevia handle the compliance part?
At Brevia we leave the operational side of step 1 done for you. The agent (we call it Bre) requests consent inside the chat and handles the privacy notice from the first message — captured with a timestamp, the way the law treats as valid proof. That consent flow and notice aligned with Ley 1581 are already part of our published pricing, not an add-on.
The RNBD filing, when it applies to you, is an administrative task for the business owner — and we point you in the right direction to resolve it. You don’t need to hire a Colombian data lawyer just to get started. If you want a sense of how much of this is handled for you versus left on your plate, compare DIY vs done-for-you automation.
This content is informational and not a substitute for legal advice. Confirm your specific case with the SIC or a qualified professional.