Wednesday, December 30, 2020
DMS ALERT – CAYMAN ISLANDS DATA PROTECTION LAW, 2017 (“DPL”) WILL COME INTO EFFECT ON 30TH SEPTEMBER 2019.

The Cayman Islands Data Protection Law, 2017 (“DPL”) will come into effect on 30th September 2019 and Cayman investment funds will be deemed to be data controllers under the DPL. This applies to all funds, not just those registered with, or otherwise authorised by, the Cayman Islands Monetary Authority. 

A key operational consequence of the DPL is that data breaches must be reported to the Office of the Ombudsman in the Cayman Islands within five (5) days. 

Data breaches can include inadvertent breaches, such as those caused by mis-configured investor data portals, not just malicious intrusions. 

Failure to notify the Office of the Ombudsman of a breach when required to do so is an offence under the DPL and can result in a conviction and a fine of approximately US$120,000. 

Failure to notify may also be subject to a monetary fine imposed by the Ombudsman under Section 55 of the DPL. 

As the fund is the data controller, it has the reporting and compliance responsibility, but personal data may be stored at various data processors such as the fund administrator, FATCA/CRS consultant, investment manager/adviser and the AML Compliance Officer/MLRO. 

The Ombudsman recommends that a data controller should have a data protection policy and the absence of such a policy may increase the likelihood of enforcement action in the event of a data breach. 

The data protection policy should conform to the eight data protection principles which can be found here

WHAT STEPS SHOULD I TAKE? 

1) Establish an inventory of personal data processors; 

2) Ensure the fund directors are aware of their obligations under the DPL; 

3) Ensure the fund board approves a data protection policy that incorporates the eight data protection principles; a. The policy should clearly designate a knowledgeable person who will be responsible for receiving, reviewing any onward reporting data breaches to the Ombudsman; 

4) Update agreements with all fund service providers who hold personal data; 

5) Update fund documents with a form of privacy notice; 

HOW CAN DMS HELP? 

DMS can assist with points 1), 2) & 3) as set out above and can discuss with you any relevant issues. Drawing on almost 20 years of governance, risk and compliance experience in the Cayman Islands, DMS has completed many hours of specific discussions with the Office of the Ombudsman regarding the application of the DPL to the uniquely distributed infrastructure of the alternative funds industry. 

Please contact your usual DMS representative to find out more or contact our team of specialized professionals. 

Logotipo do Compliasset

Somos o software de gestão de Compliance regulatório, Integridade e Privacidade líder no mercado de capitais.


Canal de Denúncias

Denuncie Irregularidades

Canal de LGPD para os titulares de dados que a Compliasset controla

Faça um pedido

Fique por perto

Histórias de inovação na área de Compliance. Os casos que apresentamos aqui são contados por pessoas que estão no dia-a-dia do Compliance das mais variadas organizações.

Debates com referências do mundo jurídico e de Compliance. Um papo dinâmico conduzido por Nicole Dyskant com foco em inovações, desafios e insights.

Histórias de inovação na área de Compliance. Os casos que apresentamos aqui são contados por pessoas que estão no dia-a-dia do Compliance das mais variadas organizações.

Debates com referências do mundo jurídico e de Compliance. Um papo dinâmico conduzido por Nicole Dyskant com foco em inovações, desafios e insights.



Compliasset Software e Soluções Digitais Ltda. Todos os direitos reservados