Info commissioner warns financial institutions, businesses re DPOs Loop Jamaica
Black Immigrant Daily News
Jamaica’s Information Commissioner, Celia Barclay, is imploring local financial institutions and other business entities to ensure that by next year they appoint data protection officers (DPOs) in compliance with the Data Protection Act.
“If you want to comply, you have no option. You are mandated,” warned Barclay at Tuesday’s Institute of Financial Services Annual Anti-Money Laundering and Counter-Financing of Terrorism Conference.
The roles of DPOs include, among other things, to ensure that the organisation processes the personal data of its staff, customers or any other individual in compliance with the applicable data protection rules in keeping with the Data Protection Act, 2020.
“So, if you are a large processor (of data), as most financial institutions are, then you have a duty to appoint one (DPO),” said Barclay.
“So, I rest assured knowing that all the financial institutions represented here have either already appointed their DPOs and are taking steps to comply, or are moving towards appointing their DPOs and taking steps to comply,” she added.
In noting that DPOs do not assume liability in the event of a data breach, the information commissioner stressed the need for business owners to familiarise themselves with the guidelines of the Data Protection Act.
The Act prescribes that businesses are legally obligated to process customers’ personal data “the right way”.
Processing means any possible use of information that can identify a living person or someone who has been dead for up to 30 years. Usage includes, but is not limited to, obtaining, recording, storing, organising and consulting about customer information.
On Tuesday Barclay said financial institutions and other businesses have until November of next year to comply with the overall legislation.
“Now, fortunately, although the legislation was passed in 2020 and we did have a partial implementation in 2021, we are still operating in a transitional period.
“So, if you have not yet become fully compliant, there is still time. You do have until the end of a two-year period, which is November 30, 2023, in order to take steps to make sure you are ready to comply with the legislation,” stated Barclay.
The passage of the Data Protection Act, 2020, made provision for the establishment of the Office of the Information Commissioner (OIC), which is currently being operationalised.
The OIC is responsible for monitoring compliance with the Act and attendant regulations, as well as advising the Government on matters relative to data protection and access to information.
NewsAmericasNow.com