The Cayman Islands and GDPR published an article in July 2020, about the GDPR and Cayman’s Data Protection Law for Insurance Managers and clients. Here’s a summary:

  • The General Data Protection Regulation 2016/679 is a set of EU regulations for protecting personal data and privacy within the EU.
  • It has extraterritorial effects that apply to processing personal data of persons situated in the EU by a controller or processor not established in the EU where processing activities are related to offering goods or services or monitoring data subject behaviour within the EU.
  • The GDPR possibly applies to Cayman captives and insurance managers even though it is not very common to find them in scope for GDPR purposes as most of these originate from the USA.
  • Additionally, it is not often said that a Cayman captive or insurance manager could be said to be processing the personal data of persons situated in the EU concerning offering goods or services or monitoring persons’ behaviour, although it may occasionally occur.
  • The Cayman Islands have decided to follow the EU’s suit and many other jurisdictions around the world by enacting its data protection regime, largely in line with the principles listed in the GDPR.
  • The Cayman Islands Data Protection Law (DPL) was introduced on September 30, 2019, and addresses the genuine need for data protection within the Cayman Islands and meet international standards.
  • The DPL will affect any individuals and organizations established in Cayman which process personal data, even if the data is being processed outside of Cayman.



Contributed by Racquel Bailey from Jamaica. Racquel is a member of our Women in InfoSec Caribbean (WISC) initiative on Discord. WISC is a non-profit initiative supporting Caribbean women and girls to develop a career in Information Security. Learn more about WISC at

Previous Article

E-government, ECLAC and data protection rights

Next Article

Bermuda has a new privacy commissioner

Related Posts