Be proactive in terms of Data Protection Act

Wed, 09/02/2020 - 5:30am

Barbadian companies are being encouraged to become au fait with the Data Protection Act.

The advice is coming from cybersecurity specialist, David Gittens. Gittens said that while the legislation is yet to be proclaimed, it is imperative that organisations look at the legislation to see the requirements and at least put the basics in place to protect people’s information. His comment came as he explained that once the legislation is enforced, failure to abide by it could result in a hefty fine.

“Any organisation now that has a website that offers services or uses people data, should make themselves familiar with the Act. The Act is online that you can download the PDF and have a look to see the requirements... Basically the Act tell you this is what you can do with people’s data, this is what you can’t do; this is what you must tell the people about the data,” he stated.

With that in mind, the cybersecurity specialist indicated that every website that deals with data should have a privacy statement that persons can peruse and see how their data would be utilised.

“It would have things like we are not going to sell your data, we are not going to keep your data longer than we need to, we are only going to use it for the purpose of what we say. The actual Act has everything outlined that organisations that process data should do, [so] that they know exactly what they need to do, what they can’t do, what they should tell people, what rights they have to give people,” Gittens explained.

To that end, he is adamant that all organisations that process data, no matter how small the entity maybe, need look at the Act and to put the requisite provisions in place for their websites. He indicated that these companies need to be proactive, given that in some cases those companies would need to train staff or hire cybersecurity or data privacy professionals. In the case of the latter, he explained that where the entity is small, they can also outsource such work.

“... Organisations in Barbados that process data should have a look at the Barbados Data Protection Act to see what you need to put in place and start doing the training, the sensitisation [and] start speaking with your IT department,” he stated.

Gittens made the comments during a recently televised programme.

Barbados Advocate

Mailing Address:
Advocate Publishers (2000) Inc
Fontabelle, St. Michael, Barbados

Phone: (246) 467-2000
Fax: (246) 434-2020 / (246) 434-1000