2 minute read | Articles

Nov 2019

This article considers what an IP’s role is in respect of the recently enacted Data Protection Law, 2017 (“DPL”) and some practical considerations for IPs in the Cayman Islands when faced with managing personal data.

The DPL came into effect as of 30 September 2019. The Office of the Ombudsman is Cayman’s supervisory authority for data protection. The DPL applies to personal data processed by “data controllers” and “data processors”. Cayman financial sector entities established in the Cayman Islands will generally be considered “data controllers”, “data processors” or both. The DPL also applies to “processing” carried out by data controllers established within the Cayman Islands and to data controllers outside of the Cayman Islands that process personal data within the Cayman Islands. The DPL does not carve-out or exempt companies facing financial difficulties or in formal insolvency proceedings.  As a result, the DPL applies to insolvent companies and any appointment taker such as an IP in formal insolvency proceedings.

Definitions under the DPL

The first step in ascertaining whether or not the DPL is applicable to an IP is to establish if the IP is a data controller or a data processor.

  • A “data controller” is the person who alone or jointly with others determines the purposes, conditions and manner in which any personal data are, or are to be processed.
  • A “person” includes any corporation, either aggregate or sole, and any club, society, association, public authority or other body, of one or more persons.
  • A “data processor” is any person which processes personal data on behalf of a data controller but does not include an employee of the data controller.
  • The term “personal data” means data relating to an identifiable living individual referred to as a “data subject”. The data subject does not need to be in the Cayman Islands.
  • The term “processing”, in relation to data, means obtaining, recording or holding data or carrying out any operation or set of operations on personal data.
  • The term “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed.

Under the DPL the data controller is responsible for ensuring that the eight data protection principles are complied with.

Click to Download

Paul Smith

Consultant

Bermuda

T +44 7473 113100

[email protected]

LinkedIn | vCard

Róisín Liddy-Murphy

Counsel

Cayman Islands

T +1 345 814 7371

[email protected]

LinkedIn | vCard

Related News & Insights

December 2022 | Offshore Cases

Reflective Loss and Strike Out / Summary Judgment: Burnford & Ors v Automobile Association Developments Ltd [2022] EWCA Civ 1943

 Read More

December 2022 |

Judicial Mediation in the Cayman Islands: Some New Judicial Guidelines

 Read More

November 2022 | News, Press Releases

Conyers Awarded Top-Tier Rankings by The Legal 500

 Read More

November 2022 | Articles

Cayman Islands Restructuring: Getting Oriente-d With the New Regime

 Read More

November 2022 | Consolidated Acts

British Virgin Islands Insolvency Act, 2003 and Related Legislation

 Read More

November 2022 | Consolidated Acts

British Virgin Islands Partnership Act, 1996

 Read More
More News & Insights

Stay current with our latest legal insights and subscribe today

Subscribe