Law: The Data Protection Law, 2017 (Law 33 of 2017) ('the Law') and the Data Protection Regulations, 2018 (SL 17 of 2019) ('the Regulations')

Regulator: Office of the Ombudsman ('the Ombudsman')

Summary: The Cayman Islands is an autonomous British Overseas Territory, whose data protection law, supplemented by the Regulations, was drafted with the aim of achieving adequacy status with the EU under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The Law and Regulations established various data subject rights when it came into effect on 30 September 2019, such as the right to access, rectification, to be informed, and the right to file a complaint and seek compensation for violations of these rights. The Law and Regulations also set similar legal grounds for data processing as defined in the GDPR, and restrictions on data transfers. However, unlike the GDPR, there are no equivalent data protection officer appointment or Data Protection Impact Assessment requirements and matters such as data processing records are only addressed in general terms. The Cayman Islands is also a member of the Caribbean Financial Action Task Force ('CFATF') and an Associated Member of the Caribbean Community ('CARICOM').