Resources
The Antigua and Barbuda Data Protection Act, which was enacted as the Data Protection Act, 2013 (No. 10 of 2013). The Act governs how personal information is collected, processed, stored, and disclosed, ensuring that individuals (data subjects) have rights over their data while holding data controllers accountable for lawful and fair data processing. Under the Act, individuals have specific rights, including the right to access, rectify, and delete their personal data. This means that data subjects can request information on how their data is being used and demand corrections or removal if the data is inaccurate or processed unlawfully. The Act also imposes security obligations on data controllers, requiring them to implement measures to safeguard personal data against unauthorised access, loss, or breaches. Additionally, the Act regulates data transfers to third parties and foreign jurisdictions, ensuring that personal data is not shared without proper safeguards.
To oversee compliance, the Act establishes the Information Commissioner, who serves as the regulatory authority responsible for enforcement, investigation of complaints, and ensuring that organisations adhere to the law. While the Act provides general protections, it also outlines specific exemptions, particularly for law enforcement, national security, and certain journalistic activities, where strict compliance may not always be feasible.
