Support Centre

Cayman Islands


Law: The Data Protection Act (2021 Revision) ('the Act') and the Data Protection Regulations, 2018 (SL 17 of 2019) ('the Regulations')

Regulator: Office of the Ombudsman ('the Ombudsman')

Summary: The Cayman Islands is an autonomous British Overseas Territory, whose data protection law, supplemented by the Regulations, was drafted with the aim of achieving adequacy status with the EU under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). The Act and Regulations established various data subject rights when it came into effect on 30 September 2019, such as the right to access, rectification, to be informed, and the right to file a complaint and seek compensation for violations of these rights. The Act and Regulations also set similar legal grounds for data processing as defined in the GDPR, and restrictions on data transfers. However, unlike the GDPR, there are no equivalent data protection officer appointment or Data Protection Impact Assessment requirements and matters such as data processing records are only addressed in general terms. The Cayman Islands is also a member of the Caribbean Financial Action Task Force ('CFATF') and an Associated Member of the Caribbean Community ('CARICOM').


In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection Act (2021 Revision) (the Act).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Act with the  GDPR.

You can access the latest version of the report here.