The BES Islands' Commission for the Supervision of Data Protection ('CBS BES') published, on 3 February 2020, an audit report ('the Report') regarding the processing of personal data at Maduro & Curiël’s Bank (Bonaire) N.V. ('MCB'). In particular, the Report is the result of an investigation by CBP BES regarding the compatibility of the processing of personal data by MCB with the right to the protection of personal data under the Act of May 17, 2010 Containing Rules on the Protection of Personal Data of Bonaire, Sint Eustatius and Saba. Moreover, the Report finds that the MCB had failed to observe the principles of necessity and proportionality when processing personal data of customer files. 

In addition, the Report highlights that MCB had not acted proportionately given the purpose for which the customer files were processed and MCB had failed to implement the principles of lawful consent. Finally, the Report outlines the CBP BES has provided MCB with recommendations including, increased security awareness on information security policies, updating their consent and Know your Customer ('KYC') polices, and a requirement to conduct an in-depth Data Protection Impact Assessment ('DPIA') or Privacy Impact Assessment ('PIA') when introducing or modifying future products and services with a high privacy risk. 

You can read the Report, only available in Dutch, here.