Resources
Bermuda enacted the Personal Information Protection Act 2016 (PIPA). The Act, which came into effect on January 1, 2025, establishes a comprehensive legal framework for protecting personal data and ensuring that organisations handle such data responsibly. The Act aligns with international best practices, including principles found in the UK Data Protection Act (https://www.legislation.gov.uk/ukpga/2018/12/contents?) and the EU General Data Protection Regulation (GDPR) (https://gdpr-info.eu/), thereby promoting data privacy, security, and accountability. PIPA applies to all organisations in Bermuda that process personal data, including both public and private sector entities. It is designed to ensure that personal data is collected, used, and disclosed in a fair and lawful manner, giving individuals greater control over their information.
