Resources
The British Virgin Islands (BVI) Data Protection Act, 2021 (DPA) came into force on July 9, 2021, establishing a comprehensive legal framework for the protection of personal data. The Act applies to all organisations which process, control, or authorise the processing of personal data within the BVI, including BVI-incorporated companies, limited partnerships, and foreign entities using equipment in the jurisdiction for data processing purposes. The Act aligns with international data protection standards**, ensuring that personal information is handled lawfully, fairly, and securely.
At the heart of the Act are several fundamental principles that govern the collection and use of personal data. These principles require that personal data be collected with consent, used only for specific and legitimate purposes, stored securely, kept accurate and up to date, and retained only for as long as necessary. Organisations are obligated to implement strict security measures to protect personal data from unauthorised access, loss, or destruction. Additionally, personal data must not be transferred outside of the BVI unless adequate safeguards are in place to ensure its protection.
The Act grants individuals (data subjects) a range of rights over their personal data. These include the right to access their personal information, request corrections, and demand deletion (right to be forgotten) under certain conditions. Individuals also have the right to restrict processing, object to their data being used for direct marketing, and request their data in a portable format to transfer to another organisation. To ensure compliance, the Act establishes the Office of the Information Commissioner, which has the power to investigate complaints, issue enforcement notices, and impose penalties. Organisations that fail to comply with the DPA face significant financial penalties, with fines reaching up to US$100,000 for individuals and up to US$500,000 for corporate entities. In more serious cases, non-compliance can also result in imprisonment for up to five years.
