What Does the Data Protection Act Mean for your Business?
On May 19, 2020, the Data Protection Act was passed into law in Jamaica. Many countries have had legislation to protect data, and finally, Jamaica has joined them. Now, all businesses MUST put IT Solutions in place to protect the privacy of customers. The Act protects the personal information of data subjects, which is stored digitally or physically. What does this mean for your small business? CEO of tTech Ltd, Christopher Reckord, told us more on #MoneyMovesJa.
“Finally we have something in place in the country that you can now take legal steps if someone misuses your private data,” he said. According to Reckord, the essence of the Data Protection Act is protecting the owner of the private data.
“Your name, your aliases, your image, your date of birth, who you give it to, what can they use it for, and how long they have it for comes into question,” he stated.
As outlined in Clause 76 of the Bill, a two year transition period will allow business owners and data controllers time to take steps to ensure full compliance with the new law. The Data Protection Act requires that data only be obtained for specific lawful purposes, with consent, and not to be further used or processed in any way incompatible with the original purpose.
Under the legislation, data must be accurate and kept up to date; and must not be held for longer than necessary for the original purpose. Additionally, the data must be disposed of per the regulations.
The Act further stipulates that data should not be shared with territories outside of Jamaica, unless the state assures to adequately protect the rights and freedoms of the individual from whom the data has been collected.
Reckord explained that some of the other main guidelines for small businesses include ensuring that the data is safe, and communicating with whoever is giving them data (whether staff or customers).
“If your business, maybe a YouTube channel requires persons to subscribe, how long are you keeping the info for? What else are you gonna use the info for? Are they gonna start getting emails inviting me to stuff they don’t wanna go to?” he explained. Reckord added that businesses will have to let persons know how long they will be using the data, what they will be using it for, and specifically what they need to do with the data.
The new law is segmented into seven standards. Chris emphasized the importance of Standard Seven, which requires that satisfactory systems be put in place to prevent unauthorized sharing of data.
Moreover, Reckord stated that the law requires that companies have a Data Protection Officer. The Data Protection Officer, or the comptroller, is an independent advocate for the proper care and usage of customer and employee information.
So what happens if your business does not take steps to comply with the Act? What is the penalty for committing an offense under the Data Protection Act? A company may be liable to a fine of up to 4% of its annual gross worldwide turnover. Such a fine can impact the profitability of your business.
We live in a rapidly expanding digital world, and data has become an increasingly sensitive and protected resource. Businesses must take steps to comply with the regulations to protect privacy and avoid paying hefty fines.
