Compliance Solutions Strategies posted an article on September 12, 2019, about the imminent Cayman Islands Data Protection law. Below are some key highlights:
- The Cayman Data Protection Law (DPL) applies to “personal data,” meaning data relating to a living natural person or data from which the identity of such person is known or identifiable, and broadly extends to include location, IP addresses, and other identifiers.
- With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or operations in the Cayman Islands who may have found themselves not subject to the GDPR may end up needing to comply with similar requirements anyway.
- The DPL is overseen by the Office of the Ombudsman, a supervisor authority in the Cayman Islands.
- Private funds organized under Cayman law or incorporated in the Cayman Islands are “established” in the Cayman Islands, even if they don’t have a physical presence there.
- The Cayman DPL applies to “personal data,” meaning data relating to a living natural person or data from which the identity of such person is known or identifiable, and broadly extends to include location, IP addresses, and other identifiers.
- Similar to the GDPR, the Cayman DPL contains several overarching data protection principles, including: Fair and Lawful Processing – Firms must have a legal basis for the data they collect, and provide transparency about what they are collecting.
Reference(s):