If you haven’t done so already, as a website owner you should take immediate steps to ensure you understand your obligations under the new Cayman Islands Data Protection Law (DPL). You must have in place policies and procedures to ensure the proper protection of all personal data under your control and create an effective governance regime for approving, overseeing, implementing and reviewing those policies.
The DPL, gazetted in 2017 and originally expected to be implemented in January 2019, will finally come into force on September 30. It was set up for the protection of personal data relating to individuals, including how such data are collected, processed, stored or transmitted, particularly regarding individual dealings with government and corporate entities.
This new law will have major implications for local and international firms in the Cayman Islands, as well as for any outside entities that have data processing functions here.
Netclues has been advising clients about what their online data responsibilities are under the new law and making necessary changes for them in time for its implementation. We can also help you navigate your way through this complicated landscape to ensure compliance and improve online data security and management.
Many Cayman financial and law firms will already be quite familiar with the concept of data protection laws such as the UK’s Data Protection Act and the European Union’s General Data Protection Regulation (GDPR), a unified legal basis for data protection and enforcement across its member states. But there are still many smaller local companies here that may be unfamiliar or entirely unaware of what is required.
DPL provides a framework of rights and duties designed to give individuals doing business with Cayman-based organizations greater control over their personal data. It supports growing international expectations that organisations operating in offshore jurisdictions have comprehensive data protection requirements and robust data privacy laws.
Personal data is defined widely under the DPL to include any data relating to a living individual. Personal data must be processed fairly and lawfully and used for a legitimate purpose that has been notified to the individual data subject in advance.
The DPL gives individuals the right to access personal data held about them and to request that any inaccuracies are corrected or deleted. Organisations will need to have policies and procedures in place to manage these requests. The law also obliges businesses to cease processing personal data once the purposes for which that data has been collected have been exhausted.
Netclues has all the tools and expertise necessary to help you ensure your online DPL compliance becomes a core part of your day-to-day online operations. You need to be able to set up and manage databases, a robust paper trail, saving, storing and retrieving information, lock and key security, etc.
Under the data protection law, anyone who controls personal data must provide information at the time the data is collected, including why the data is processed and how it is safeguarded. The new law also gives individuals the right to request and access their personal data held by an organization, and data controllers are given 30 days to comply.
As a result, companies need to have a system in place enabling them to find the information and report it to the individuals when requested. Here, Netclues can enable this entire process and ensure that our clients are compliant in accordance with the new law.
Under the new law, it is also important not to keep any personal data longer than necessary. While there are no prescribed time periods, organizations need to analyze how long they should maintain personal data for a specific purpose.
Personal data holdings should not be excessive in relation to the purposes for which they are collected and should be securely purged once those purposes have been fulfilled. If personal data is processed for any new purposes, this processing can only be undertaken if fresh consent is obtained. Data subjects must also be informed of any countries or territories outside the Cayman Islands to which their personal data may be transferred.
Data retention periods are not set out in the DPL, but it is up to website owners to determine how long data should be kept for. It will also be necessary to evaluate how personal data can be securely deleted once the reasons for holding it have been fulfilled.
Implementing a data protection compliance programme requires coordinated engagement with the correct stakeholders across the organisation and a governance regime for approving, overseeing, implementing and reviewing the various policies. Netclues can help here, with our thorough understanding of the new law as well as wealth of experience and expertise in online data protection and management compliance. Here are a few things your legal department can do to make your Online Presence DPL compliant:
No. Netclues helps develop and implement online solutions only. We recommend that clients seek independent legal advice about specific DPL issues. What Netclues does is help put in various mechanisms in place to ensure good data practices when it comes to online world.
The Office of the Ombudsman will have responsibility for enforcing the new law, which has harsh provisions for those who mishandle data, but also has protections in place that allow organizations to make representations in their own defense. Violations of the data protection requirements can draw up to CI$250,000 in fines. The office of the ombudsman can be contacted on +1-(345)-946-6283 or by email on email@example.com
If you need help with making your website DPL compliant, call Netclues on +1-(345)-925-2222 or email us on firstname.lastname@example.org
Jay Mehta is the Internet Marketing & Sales Executive at Netclues for over a decade. Jay has been a marketer, content writer, blogger, advertiser, project manager and a knowledge base for several business in the Cayman Islands and he has had many publications in the industry.
At Netclues we intent on being a company that the entire community is proud of. We invest greatly in people & technology. We have some extremely talented people who work with us to give our clients exceptional products & service. We never satisfy with “good enough” we always aim for perfection & excellence. We work extremely hard and now and again get recognized for it as well.
Netclues is a team of web development experts, who came together years ago with a vision to offer enterprise and organization level solutions to clients. Equipped with the best people, first hand experience and the best technological backbone of the industry, we bring businesses face-to-face with profitability and an intensive brand awareness. One thing about us, which we feel elation in elaborating, is our capacity to customize