Businesses Encouraged to Begin Practising Data Protection Standards

Local businesses are being encouraged to start practising the country’s data-protection standards, ahead of the full implementation of the Data Protection Act, 2020.

The Act will take full effect in November 2023.

Information Commissioner, Celia Barclay, said this will help entities to become familiar with the guidelines and implement measures that will prevent them from committing avoidable breaches.

Under the Act, a business or business owner that fails to comply with the standards risks prosecution and will be liable to a fine or imprisonment.

“Depending on the offence, fines can be up to 10 million dollars or up to four per cent of the business’ gross annual turnover. Imprisonment could be for a period of up to 10 years. Either would be detrimental to the reputation and survival of the business and its operators,” Ms. Barclay told JIS News.

She pointed out that it is critical for entities to understand that the security of personal data is essential in doing business locally and attracting investments. It is also a necessity for international trade.

The Data Protection Act prescribes that businesses are legally obligated to process customers’ personal data “the right way”.

Processing means any possible use of information that can identify a living person or someone who has been dead for up to 30 years. Usage includes but is not limited to obtaining, recording, storing, organising and consulting about customer information.

“As people become more conscious of the risk to their personal data, businesses will need to provide some assurance as to its protection to attract consumers,” she said.

The Information Commissioner added that “a big part of compliance is obtaining individuals informed consent to the processing [of their data] and ensuring that persons can make inquiries and complaints and receive a response or effective remedy”.

The passage of the Data Protection Act, 2020 made provision for the establishment of the Office of the Information Commissioner (OIC), which is currently being operationalised.

The OIC is responsible for monitoring compliance with the Act and attendant regulations as well as advising the Government on matters relating to data protection and access to information.