Skip navigation

Government is seeking public input before finalising draft regulations

Published 23rd March 2018, 3:35pm

Draft regulations for the Data Protection Law are now out for public consultation. The regulations, when passed, will complement the Data Protection Law when it comes into force in January 2019. The law was passed last year.

The Cayman Islands Government has now put out the draft regulations for consultation for a month - starting Monday, 26 March 2018 until Monday, 30 April 2018. This is to enable members of the public to submit their comments and other input to the authorities.

At the end of the consultation period, any comments and input will be analysed and acted upon, if valid and necessary, by the Data Protection Working Group, to adapt the draft regulations for approval by the Cabinet.

The regulations are expected to come into force at the same time as the law, in January 2019, and are intended to complement the legislation that was passed by legislators.

For example, the regulations create further exemptions, in relation to health, education and social work, in addition to those already in the law dealing with national security, law enforcement, legal proceedings, and a number of other specific areas in which personal data are processed.

Chair of the Data Protection Working Group Jan Liebaers said the protection of personal data privacy is now a vital component of the digitally dependent modern world, and the law’s coming into force will bring the Cayman Islands on par with its international business partners and competitors.

Primarily, the law grants important rights to individuals (terms as “data subjects” in the law) and provides for certain duties of businesses and organizations that control the means and purposes with which personal data are processed (termed as “data controllers”) in the public and private sectors.

The rights of individuals include the right to access their own personal data and know how it is being used, and to require that direct marketing cease. Data Controllers, for their part, must apply the data protection principles, respond in a timely fashion to requests from individuals for their personal data, and notify both the data subjects and the Ombudsman, who is the enforcement authority, of any personal data breaches.

Mr. Liebaers added, “We encourage everyone to become aware of their rights and obligations under the Data Protection Law, and submit their comments on the regulations during the public consultation period.”

The regulations are available from Monday, 26 March 2018 on the Cabinet Office website at in the publications section. Additionally, they are also posted on the features page of the CI Government’s main website,

Feedback should be emailed to