This article considers what an IP’s role is in respect of the recently enacted Data Protection Law, 2017 (“DPL”) and some practical considerations for IPs in the Cayman Islands when faced with managing personal data.
The DPL came into effect as of 30 September 2019. The Office of the Ombudsman is Cayman’s supervisory authority for data protection. The DPL applies to personal data processed by “data controllers” and “data processors”. Cayman financial sector entities established in the Cayman Islands will generally be considered “data controllers”, “data processors” or both. The DPL also applies to “processing” carried out by data controllers established within the Cayman Islands and to data controllers outside of the Cayman Islands that process personal data within the Cayman Islands. The DPL does not carve-out or exempt companies facing financial difficulties or in formal insolvency proceedings. As a result, the DPL applies to insolvent companies and any appointment taker such as an IP in formal insolvency proceedings.
Definitions under the DPL
The first step in ascertaining whether or not the DPL is applicable to an IP is to establish if the IP is a data controller or a data processor.
Under the DPL the data controller is responsible for ensuring that the eight data protection principles are complied with.
To continue reading full articles in PDF format:
Data Protection Law for Insolvency Practitioners (“IPs”)