Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
EU - Cayman Islands: GDPR v. Data Protection Act
In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection Act (2021 Revision) (the Act).
The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Act with the GDPR.
You can access the latest version of the report here.
What are the Act?
The Act is the primary piece of data protection legislation in the Cayman Islands, which updated the Data Protection Law, 2017 (Law 33 of 2017). The Act established the Office of the Ombudsman (the Ombudsman) and is supplemented by the Data Protection Regulations, 2018 (SL 17 of 2019) (the Regulations).
Key highlights
The Act and the GDPR share some similarities, including:
- refer to data controllers, data processors, and data subjects;
- provide similar definitions of personal data and data processing; and
- provide for the right to be informed, the right of Access, and the right to object to processing.
However, despite their similarities, the Act and the GDPR also differ sometimes in their approach, such as:
- unlike the GDPR, the Act does not directly refer to anonymization and pseudonymization;
- the Act does not address Data Protection Impact Assessments (DPIA) or data protection officer (DPO) appointments; and
- the Act does not provide additional requirements for children's data.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
