Since the implementation of the General Data Protection Regulation (GDPR), there has been a race amongst territories in the Caribbean to enforce data protection legislation.
Specific to Jamaica, The Data Protection Act, 2020 was passed by the Government of Jamaica in June 2020.
It was subsequently implemented on December 1st 2023.
A six-month grace period (as of December 1st 2023) was extended to data controllers in Jamaica, to allow them sufficient time to take the necessary preparation steps to ensure full compliance with the requirements under the Act.
The grace period is set to expire on June 1st 2024.
We can help!
Calibra Solutions Limited, alongside their partners Data Privacy & Security Advisors LLC and Hart Muirhead Fatta provides legal and technical services to help your company or achieve compliance with the Act.
Our JDPA Compliance Readiness Program covers all critical aspects of compliance, from privacy gap & risk assessments, to data mapping, staff training, general legal services, assisting with registration, and privacy software implementation.
The Program includes:
- Custom JDPA Privacy Gap & Risk Assessment to identify gaps and measure readiness.
- Comprehensive risk analysis with an actionable recommendations report.
- Remediation plan and prioritized roadmap to achieve full compliance.
- Assessment Findings & Review session with your JDPA privacy expert.
- Data Mapping.
- Record of Processing Activities.
- General legal advice on data protection compliance.
- Review of existing policies and procedures.
- Review/Draft of Standard policies on data protection, classification and retention.
- Guidance on the appointment of a Data Protection Officer.
- Staff training and awareness programs.
- (Assisting with) Registration as a data controller under the Data Protection Act of Jamaica with the Information Commissioner of Jamaica.
- OneTrust Privacy Implementation.
- Privacy Office Service (administrative service to support ongoing compliance requirements, including the completion of impact assessment, managing data subject access requests, responding to data breaches, etc.).