Mobile Menu

Data Protection – Cayman Islands

August 2017

In June 2017, The Data Protection Law (the “DP Law”) was published in the Cayman Islands Official Gazette. The DP Law will be brought into force by Cabinet Order. Related regulations and guidance are being settled such that we do not expect the DP Law to be brought into force before 2018.

The DP Law establishes a framework of rights and duties designed to safeguard individuals’ personal data, balanced against the need of public authorities, businesses and organisations to collect and use personal data for legitimate purposes. The DP Law was developed in line with international best practices while ensuring that it reflects the specific needs of the Cayman Islands. It is based substantially on the Data Protection Act, 1998 of the United Kingdom1.

Most businesses record information in respect of individuals, particularly those who are employees, clients or suppliers, and the obligations under the DP Law will require a detailed review or establishment of policies and procedures in order to achieve compliance. Non-compliance may have serious ramifications.

The DP Law defines “personal data” very widely to include any data which enables an individual to be identified.


To continue reading full articles in PDF format:
Data Protection – Cayman Islands


1 It does not reflect the EU’s General Data Protection Regulation (2016/679), which will apply in the EU from 25 May 2018 following a two year transition period.