25 May 2018 | News from the O

Cayman Islands businesses and the General Data Protection Regulation (GDPR)

On 25th May 2018 the General Data Protection Regulation (GDPR) came into effect in the European Union. The GDPR replaces the previous Data Protection Directive 95/46/EC, harmonizes data privacy across Europe, and protects and empowers EU citizens.

While the GDPR does not apply directly to most businesses and organizations in the Cayman Islands, any business, organization or public entity, whether based in the EU or not, that collects the personal information of European individuals may be subject to the GDPR, particularly if they have an establishment in the EU, offer goods or services to individuals in the EU, or monitor the behaviour of individuals in the EU.

The following links may be helpful for guidance on the GDPR:

 The Office of the Ombudsman in the Cayman Islands does not play any role in enforcing the GDPR, and does not offer any advice on compliance with the GDPR.

As the Cayman Islands is preparing for the commencement of the Data Protection Law (DPL) in January 2019 the Ombudsman encourages businesses, organizations and public authorities in the Cayman Islands to prepare for compliance with DPL.

The DPL follows many of the definitions and approaches of the EU’s GDPR. Although not strictly legally mandated, many of the additional requirements of the GDPR will constitute best practice in the Cayman Islands.

The Office of the Ombudsman is preparing guidance that will help individuals and businesses understand their rights and obligations under the DPL.