Bermuda: PrivCom publishes guidance on DPOs

The Bermuda Office of the Privacy Commissioner ('PrivCom') published, on 25 August 2021, guidance on the qualifications and duties of data protection officers ('DPOs') under the Personal Information Protection Act, 2016 ('PIPA'). In particular, the guidance outlines that the role of the DPO may be delegated to other members of an organisation and that the DPO is the public-facing contact for all questions relating to privacy and personal information. Furthermore, the guidance clarifies that whoever is designated as a DPO should be a senior decision-maker who is supported by leadership and empowered to act regarding PIPA compliance. In addition, the guidance provides a non-exhaustive list of duties for a DPO, including:

  • maintaining compliance with PIPA;
  • communicating with PrivCom; and
  • responding to public questions and rights requests.

Finally, the guidance notes that, under Section 47 of PIPA, a DPO may be liable when an offence is 'committed with the consent or connivance of, or to be attributable to, any neglect on the part of ... any director, manager, secretary, or similar officer.' As such, the guidance recommends that DPOs should take care to document their actions and recommendations, such as steps taken in the development of the organisation's privacy program. 

You can read the guidance here.