News
| Apr 6, 2021

Advanced privacy law now enforceable in Barbados

/ Our Today

administrator
Reading Time: 2 minutes
Privacy compliance landscape in Barbados will change drastically. (Photo: Data Protection Report)

Barbados’ advanced privacy law, which has been widely acknowledged as being among the most advanced privacy laws in the Caribbean region, is now in force after being officially gazetted in late March .

This follows the recent issuing of a proclamation bringing into force the Barbados Data Protection Act, 2019-20. This new act will see the privacy compliance landscape in Barbados being changed drastically.

Since its passage in 2019, the act, which draws heavy inspiration from the European Union’s General Data Protection Regulation (GDPR), is now being brought into force. The GDPR is, arguably, the most comprehensive privacy law in the world today.

Notable changes

Among the practical changes stemming from the new act is that organisations will now have to consider drafting privacy policies to help users understand exactly how/why/where/when their information is being processed. In addition, there will be a new mandatory requirement for breach notifications.

When a data breach occurs, businesses will be obligated to alert the regulator in three days. For the first time, a number of businesses will have to implement mechanisms to facilitate requests from customers or employees (data subject access requests) to provide, edit or delete any of their personal information being processed by the organisation.

Breaches of the act will expose businesses to significant fines of up to US$250,000. Following the proclamation of the act, some organizations in Barbados will also need to give consideration to hiring data privacy officers to have oversight of the privacy function internally and liaise with the regulator.

Some provisions have not come into force

Not all provisions of the act has become enforceable. Specifically, businesses in Barbados will not be obligated to register with the regulator, as controllers or processors of data, as the provisions creating this obligation have not yet been given the green light.

There is no clear timeline for the proclamation of these provisions. It is presumed that these will be proclaimed after the regulator has set up a registry mechanism.

At present, the Government of Barbados is moving to officially appoint the regulator – the Data Protection Commissioner and allocate resources to funding that office. The Data Protection Commissioner will also serve as the enforcer for another recently passed law, the Barbados Identity Management Act.

Tags
Barbados Barbados Data Protection Act data protection Data Protection Commissioner General Data Protection Regulation Government of Barbados

Comments

What To Read Next

News JAM Sep 2, 2025

Tufton defends JLP’s minimum wage plan, accuses PNP of policy flip-flops

Reading Time: 2 minutesHealth and Wellness Minister Christopher Tufton yesterday defended the government’s commitment to doubling the national minimum wage over the next five years, while accusing the Opposition People’s National Party (PNP) of inconsistency and uncertainty in its economic proposals.

Speaking at a Jamaica Labour Party (JLP) press conference, Tufton said the Andrew Holness administration has a proven record of improving living standards and managing the economy responsibly.
News JAM Sep 2, 2025

Johnson Smith pledges bold youth agenda as JLP seeks third term

Reading Time: 2 minutesForeign Affairs and Foreign Trade Minister Kamina Johnson Smith yesterday outlined a sweeping vision for Jamaica’s young people, pledging deeper investments in education, housing, agriculture, and the creative sector if the Jamaica Labour Party (JLP) is returned to office for a third consecutive term.

Speaking at a JLP press conference, Johnson Smith dismissed recent criticism that young Jamaicans feel overlooked, insisting that the government has consistently engaged with youth voices and turned their concerns into policy.