Data Protection
The Data Protection Act (DPA) gives individuals control over their personal data and protects against its misuse in both public and private sectors. Learn more about what the DPA means for you.
Our Role
We are the supervisory authority for data protection related matters. This means we investigate, mediate and decide your complaints about your rights and how your personal data is being used.
Did you know?
You have the right to access your personal data and to know who is using it and how.
Data Protection Principles
The DPA is centred around eight data protection principles that set out a framework within which personal data is processed. These eight principles are a good starting point to assess the processing that is being done is being undertaken.
- 1 Fair and Lawfulness Use
- 2 Purpose Limitation
- 3 Data Minimization
- 4 Data Accuracy
- 5 Storage Limitation
- 6 Respect for the Individual's rights
- 7 Security - Integrity and Confidentiality
- 8 International Transfers
For the Public
Curious about what data protection is and what the DPA means for you as an individual? The DPA grants individuals like you a number of important rights.
Visit our overview for individuals or jump straight to our guidance for individuals.
For Small Entities
Are you a small entity, such as a small business, a strata plan, a club or association, or a charity? Then this quick reference tool may be what you need to help you get up to speed with the DPA.
For Organizations
The DPA provides a legal framework for the use of personal information. Its scope extends to employees, clients, customers, students, and any other group of individuals you collect personal information about.
Visit our overview for organizations or jump straight to our detailed guidance for organizations.
I'm ready to report a Data Breach
If you have experienced a data breach, you have a duty to report it to the Ombudsman and the affected data subjects.
I’m ready to make a Data Protection Complaint
If you believe that personal data is not being carried out in compliance with the provisions of the Data Protection Act, you can make a complaint on behalf of yourself or another person.
Frequently asked questions
If you have a question, the answer may already be here for you.
Where do I find guidance on the Data Protection Act?
We have the following guidance:
- Overview for organizations (with an FAQ section at the bottom of the page)
- Guidance for organizations
- Overview for individuals (with an FAQ section at the bottom of the page)
- Guidance for individuals
Does the EU’s GDPR apply in the Cayman Islands?
The EU has no legal authority to enact laws in the Cayman Islands. However, if you collect personal data about individuals who are resident in the EU, you may be subject to the GDPR. For more details read our news item Cayman Islands Businesses & General Data Protection Regulations (GDPR).