Jamaica established the Data Protection Act in 2020 that details who the new law
applies to and the requirements for personal data storage and handling. Under this
Act, anyone who processes personal data or collects this data from individuals is
considered a data controller and is responsible for adhering to the Act.
Regardless of a person's or organization's physical location, any data processed
through Jamaica must adhere to the country's privacy Act.
Any data controller that is not established in Jamaica must appoint a
representative. That representative must be a Jamaican resident, an entity
established in Jamaica, or who maintains in Jamaica an office, branch or agency
through which the person carries on any activity or a regular practice.
Data controllers must comply with data protection standards and must report
data breaches within 72 hours.
8 Data Controller Standards- Fair and Lawful Processing: Data may only be prciessed if the subject consents to data procedssing, and this consent has not been withdrawn.
For processing of sensitive data, this consent must be in writing.
- Obtained only for specified Lawful Purposes: Data should be collected only for specfiied and lawful purposes and shall not be processed in any manner that is incompatible with those purposes
- Data Quality: Personal data collected must be adequate, relevant and necessary relative to the purpose for which the data is prcessed.
- Accurate and Up to Date: The data must be accurate and kept up to date when necessary.
- Limited Retention: The data may not be kept for longer than is necessary and will need to be disposed of following regulations.
- Processed in Accordance with the Rights of Data Subjects: A data controller must process
personal data respecting data subject rights, such as the right to access the data and the right
to prevent processing of the data in certain specified circumstances.
- Protected by Appropriate Technical and Organizational Measures: Additional technical
and organizational measures are required, as a data controller.
- International Transfers: transfer of data outside of Jamaica is prohibited unless an
adequate level of protection can be ensured.