Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

EU - Cayman Islands: GDPR v. Data Protection Act

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection Act (2021 Revision) (the Act).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Act with the  GDPR.

You can access the latest version of the report here.

What are the Act?

The Act is the primary piece of data protection legislation in the Cayman Islands, which updated the Data Protection Law, 2017 (Law 33 of 2017). The Act established the Office of the Ombudsman (the Ombudsman) and is supplemented by the Data Protection Regulations, 2018 (SL 17 of 2019) (the Regulations).

Key highlights

The Act and the GDPR share some similarities, including:

  • refer to data controllers, data processors, and data subjects;
  • provide similar definitions of personal data and data processing; and
  • provide for the right to be informed, the right of Access, and the right to object to processing.

However, despite their similarities, the Act and the GDPR also differ sometimes in their approach, such as:

  • unlike the GDPR, the Act does not directly refer to anonymization and pseudonymization;
  • the Act does not address Data Protection Impact Assessments (DPIA) or data protection officer (DPO) appointments; and
  • the Act does not provide additional requirements for children's data.