Companies urged to get sensitized on new Data Protection Act
Companies who fail to adequately protect customers’ data could be fined up to four percent of their revenue in the next two years.
That’s part of the penalty under the new Data Protection Act (2020) which awaits promulgation. The Act which seeks to safeguard the privacy and personal information of Jamaicans, was passed in the Senate on June 12 after being approved without amendments in the House of Representatives a month earlier.
Speaking on #MoneyMovesJa with Kalilah Reynolds Chief Executive Officer at tTech Limited, Chris Reckord urged companies’ Boards of Directors to ensure that team members are sensitized about the metrics of the new Act.
He said the Government will not give an effective date of the Act until it has the relevant authorities in place to ensure monitoring and compliance.
In closing the debate on the Bill back in June, Leader of Government Business, Senator Kamina Johnson Smith, noted that there would be a two-year transition before the legislation took effect.
Reckord said companies should use the period to get their houses in order. He said they should use the time to assess the extent of personal private data being processed.
“The Minister [with responsibility] has to put the organization together. There has to be a commissioner or some sort of office that’s to be responsible for compliance so businesses have a little bit of time to be aware of what’s going on, start to learn what’s necessary, start to learn the organizational measures, the IT and cyber security measures,” he said.
Reckord said it will take some time for companies to understand the full legislation. For instance, he said it will now require organizations to have defined policies to let people know how they are processing their private data and to highlight those likely to be responsible in the event of a breach.
He said this information would also need to be presented to the appointed commissioner when the time comes for companies to register under the new Act.
“If for example you are a service provider doing work for a company and you now need to handle their staff’s names and addresses, date of births and anything that can identify that person, you now need to have an agreement with each other,” he said.
“Pretty much everybody needs to register. Some organizations have the resources to handle this internally but a lot don’t so one of the things we’re [tTech] now doing is coming in and doing board training, advising board of directors and management teams of their roles in this thing and and just giving as much information as possible,” added Reckord.
Other territories in the region with Data Protection laws include Barbados, St. Lucia and the Cayman Islands.
Reckord pointed out that in other areas with similar laws, companies have been ordered shut by commissioners for non compliance to the regulations. However he’s expecting a gentler approach in the Jamaican context as the country adjusts to the new regime.
“The expectation is that here there will be some leniency within the first period whether it’s a year or two but we’re out there helping people with technical and organizational measures. With an investment of US$2000, we would come in and tell you where you are, tell you what’s possible and we may even start some sort of a data mapping,” he noted.
The Data Protection Act underscores how personal data should be collected, processed, stored, used and disclosed in physical or electronic form.
Visit EXIM Bank’s Business Advisory Service at:
https://eximbankja.com
AUDIO ONLY
Recommended for you