Jamaica’s Data Protection Act

Written by Juronel Smalling

One of the current hot topics covering several sectors in Jamaica is the implementation of the Jamaica Data Protection Act (“JDPA”). In December 2023, the office of the Information Commissioner announced a 6 months grace period for companies to register. With the June 01, 2024 deadline being around the corner, one of the benefits of the implementation of the JDPA has been new job opportunities for persons in Jamaica’s tech industry. Another benefit is Jamaica’s international presence in the privacy industry as several professionals, including myself, are members of the International Association of Privacy Professionals (IAPP) and share in the Caribbean KnowledgeNet Chapter.

With the grace period coming to an end, job boards have been flooded with openings for the role of data protection officer in government, and private entities. One of the important things to bear in mind about this role, is that it is an independent role intended to monitor a data controller’s compliance with the JDPA. Also, not every Data Controller is required to appoint a Data Protection Officer.

Unlike in other countries, Jamaica only requires data controllers to register. The Information Commissioner’s regulations are now available and provide more detailed guidance on the registration process. Registration is an annual event which should be completed on or before December 01. Information such as the contact details of the data protection officer, the TRN number, or similar number for a foreign entity, and a reasonable estimate of the number of data subjects are required in the registration process.

Registration can only be completed on the website of the Office of the Information Commissioner however, at the time of writing, that section of the website remains unavailable. It would be wise for Data Controllers to monitor the website, and for now, create an account as the first step to registering.

Until next time, stay safe.