The Cayman Islands Data Protection Law, 2017 (the "DPL"), came into effect on 30 September 2019. The DPL is broadly based on the same internationally recognized principles that form the basis for other data protection laws around the world and will protect the storage and use of personal data by those that hold it.
The DPL gives individuals the right to access personal data held about them and to request that any inaccurate data is corrected or deleted. Organisations will need to have policies and procedures in place to manage these requests. The law also obliges businesses to cease processing personal data once the purposes for which that data has been collected have been exhausted.
Any Cayman Islands funds will be "data controllers" under the DPL and must take steps to comply. Cayman Islands funds that already comply with GDPR (in the European Union) or with existing US data protection law should review their existing policies and ensure that they extend to cover data collected or processed in the Cayman Islands.
Cayman Islands funds that do not already comply with GDPR or existing US data protection law should ensure that they have the correct policies and procedures in place and then approve and circulate a privacy notice for existing Investors. The privacy notice should then be used in all future subscription documents. Administration and investment management agreements should also be reviewed and amended (if required) in order to ensure compliance with the DPL. We can assist with the form and implementation of the privacy notice if you require.
If you would like further information please contact: