The Cayman Islands Data Protection Act, 2017 (the "DPA"), came into effect on 30 September 2019.
The DPA is broadly based on the same internationally recognized principles that form the basis for other data protection laws around the world and will protect the storage and use of personal data by those that hold it.
The DPA gives individuals the right to access personal data held about them and to request that any inaccurate data is corrected or deleted. Organisations will need to have policies and procedures in place to manage these requests. The law also obliges businesses to cease processing personal data once the purposes for which that data has been collected have been exhausted.
Any Cayman Islands funds will be "data controllers" under the DPA and must take steps to comply. Cayman Islands funds that already comply with GDPR (in the European Union) or with existing US data protection law should review their existing policies and ensure that they extend to cover data collected or processed in the Cayman Islands.
If you would like further information please contact: