Parris Whittaker published an article on June 20th, 2020 about The GDPR vs Bahamas Data Protection (Privacy of Personal Information) Act (DPA).
The most notable among the data protection frameworks is the General Data Protection Regulation (GDPR). GDPR is a set of rules designed to give EU citizens more rights to access and control over their personal data. The DPA is similar, with a few key differences that this article explains.
- Both the GDPR and DPA give consumers the right to access, the right to delete, and the right to correct or rectify inaccurate data. The GDPR explicitly requires notice and consent while the DPA does not.
- The Bahamas Law does not require database registration, nor does it require the appointment of a data protection officer. The Bahamas Law also does not restrict cross-border transfers. The DPA provides non-binding guidance in light of its requirements.
- As of 2019, Google had been cited for breaching the GDPR by failing to provide adequate information to users about its data consent policies, among other things. It was fined over 50 million euros by France’s Data Protection Regulator.
- It is recommended that companies managing people’s data conduct regular audits and risk assessments to determine how data is collected, processed, and stored, and to minimize who has access to it. Employees should also be well versed in organizational policies and GDPR policies.
Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.