Jamaica Data Protection Act v GDPR
| Action / Activity | Jamaica Data Protection Act | UK GDPR / Data Protection Act |
| --- | --- | --- |
| Registration with the Information Commissioner’s Office | A data controller must register and supply accompanying documentation to the ICO prior to using personal data. | Accompanying documentation is not required when registering with the ICO. |
| Privacy notice | A privacy notice is not specifically mandated. | Data controllers must publish and make available a privacy notice to data subjects. |
| Conditions for processing | Processing must comply with at least one condition. | Processing must comply with at least one lawful basis. |
| Personal Data | The definition includes information about living individuals and those who have been deceased for less than 30 years. | The definition applies only to living individuals. |
| Standards/Principles | The law stipulates eight data protection standards. | The law stipulates seven data principles. |
| Data Subject Rights | Some individual rights are specifically labelled whereas others are articulated within the text of the legislation. | The eight individual rights are prominently listed within the legislation. |
| Right of Access | The data controller may charge a fee to communicate information to the individual. | The data controller may charge a fee only if the request is deemed to be excessive or manifestly unfounded. |
| Direct Marketing | The data subject must either be a customer of the data controller or must have given their consent to direct marketing. | The rules are broadly the same. |
| Data Protection Officer | A data protection officer must be appointed if certain criteria are met. | The rules are broadly the same, except that there is no mandated requirement for the data protection officer to report the data controller’s non-compliance to the Information Commissioner. |
| Data Protection Impact Assessment | The data controller must submit each year to the Information Commissioner a data protection impact assessment of all personal data being held. | Submission to the Information Commissioner is required only for data protection impact assessments where the residual risk level is categorized as high. |
| Data Breach | Personal data breaches must be reported to both the Information Commissioner and the data subject. | Data breaches posing a risk to the data subject must be reported to the Information Commissioner. Data breaches which are likely to cause a high risk must be reported to the data subject. |
| Offences | There are several offences for breaching or failing to comply with the Data Protection Act. | The offences are more limited. |
| Penalty | The Data Protection Act specifies a range of financial penalties and periods of imprisonment. | There are no specified custodial sentences under the Data Protection Act; all offences are punishable only by a fine of up to £17 million. |
| Liability for damage | The data controller is liable for compensating the individual who suffers damage. | The rules are broadly the same. |
© 2022 Avla Business Services Ltd.