Bahamas Data Protection law vs EU’s GDPR

Parris Whittaker published an article on June 20th, 2020 comparing the GDPR with the Bahamas Data Protection (Privacy of Personal Information) Act (DPA).

The most notable among the data protection frameworks is the General Data Protection Regulation (GDPR). GDPR is a set of rules designed to give EU citizens more rights of access to and control over their personal data. The DPA is similar, with a few key differences that this article explains.

Key points:

  • Both the GDPR and DPA give consumers the right to access, the right to delete, and the right to correct or rectify inaccurate data. The GDPR explicitly requires notice and consent while the DPA does not.
  • The Bahamas Law does not require database registration, nor does it require the appointment of a data protection officer. The Bahamas Law also does not restrict cross-border transfers. The DPA provides non-binding guidance in light of all its requirements.
  • As of 2019, Google was cited for breaching the GDPR by failing to provide adequate information to users about its data consent policies, among other things. It was fined over 50 million Euros by France’s Data Protection Regulator.
  • It is recommended that companies managing people’s data conduct regular audits and risk assessments to determine how data is collected, processed, and stored, and to minimize who has access to it. Employees should also be well versed in organizational policies and GDPR policies.



Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.
