The Data Protection Law, 2017 (the “DPL”) will become effective on September 30, 2019 in the Cayman Islands. The DPL aims to provide a level of privacy and disclosure for individuals and entities when their personal data is being used by Cayman Islands entities. Certain violations of the DPL can lead to fines of up to CI$250,000 and imprisonment for up to five years. All entities organized in the Cayman Islands will be subject to the law in respect of personal information which they process. Further, they will have obligations in respect of any service providers that process and/or control the relevant personal data, regardless of jurisdiction of the service provider. In practice, the DPL will be most relevant for managers that manage feeder funds and master funds organized in the Cayman Islands.
To ensure compliance with the DPL, managers of Cayman Islands entities should:
- Review their current data collection, use, and protection policies and practices with Cayman Islands counsel and identify gaps in compliance with the DPL.
- Ensure that all existing contracts with service providers are DPL-compliant.