June 20 2020
In today’s world, with constant technological advancements and the increasing use of personal data through e-commerce, online searches and video streaming, privacy and data protection can be expected to face new challenges. Although a number of frameworks have been developed to address data protection, the most notable is the General Data Protection Regulation, or GDPR.
What is the GDPR?
The GDPR has essentially standardized data protection laws across Europe and has afforded individuals stronger rights to access and control their personal information. This progressive approach has led a number of countries to use the GDPR as guidance for how individuals’ personal data should be handled. The GDPR has also had a substantial effect globally, due in part to its extraterritorial reach, which is triggered once any organization collects, controls, processes or stores any personal data involving European nationals.
The GDPR vs Bahamas DPA
The GDPR is often regarded as one of the most comprehensive data protection frameworks and so it is important to highlight some key similarities and differences with the Bahamas Data Protection (Privacy of Personal Information) Act (DPA).
In brief, both the GDPR and the DPA give consumers the right to access, the right to delete and the right to correct or rectify inaccurate data. They differ in that the GDPR explicitly requires notice and consent while the DPA does not. Unlike the GDPR, the Bahamas law does not require database registration, it does not make the appointment of a data protection officer mandatory and it does not restrict cross-border transfers. Nevertheless, while the DPA does not explicitly require these, it has provided non-binding guidance.
Recommendations for GDPR Compliance
As recently as 2019, Google was found to be in breach of the GDPR for failure to, among other things, provide adequate information to users about its data consent policies. It was fined over €50 million by France’s Data Protection Regulator. Though most of the fines imposed so far have been small, non-compliance with the GDPR can result in a fine of up to €20 million or 4% of the annual global turnover, whichever is higher, and fines of up to 2% of the annual global turnover for lower-level offenses.
Here are three recommendations to help stay compliant with the GDPR: