Data Protection

The Data Protection Law (DPL) commences 30 September 2019. It gives individuals control over their personal data and protects against its misuse in both public and private sectors. Learn more about what the DPL means for you. 

Our Role

We are the supervisory authority for data protection related matters. However, until 30 September 2019, the Office of the Ombudsman has no powers to act under the Law. Therefore, we will not be able to investigate, mediate or decide your complaints until then.

Did you know?

You have the right to access your personal data and to know who is using it and how.

Data Protection Principles

The DPL is centred around eight data protection principles that set out a framework within which personal data is processed. These eight principles are a good starting point to assess the processing that is being done is being undertaken.

  • 1 Fair and Lawfulness Use
  • 2 Purpose Limitation
  • 3 Data Minimization
  • 4 Data Accuracy
  • 5 Storage Limitation
  • 6 Respect for the Individual's rights
  • 7 Security - Integrity and Confidentiality
  • 8 International Transfers

For the Public

Curious about what data protection is and what the DPL means for you as an individual? The DPL grants individuals like you a number of important rights.

Visit our overview for individuals or jump straight to our guidance for individuals.

For Small Entities

Are you a small entity, such as a small business, a strata plan, a club or association, or a charity? Then this quick reference tool may be what you need to help you get up to speed with the DPL.

Learn more about how the law applies to your small entity.

For Organizations

The DPL provides a legal framework for the use of personal information. Its scope extends to employees, clients, customers, students, and any other group of individuals you collect personal information about.

Visit our overview for organizations or jump straight to our detailed guidance for organizations.

Frequently asked questions

If you have a question, the answer may already be here for you.

Where do I find guidance on the Data Protection Law?

We have the following guidance:

Does the EU’s GDPR apply in the Cayman Islands?

The EU has no legal authority to enact laws in the Cayman Islands. However, if you collect personal data about individuals who are resident in the EU, you may be subject to the GDPR. For more details read our news item Cayman Islands Businesses & General Data Protection Regulations (GDPR).