Resources
As at February 2025, the Turks and Caicos Islands (TCI) have not enacted comprehensive data protection legislation. However, the Electronic Transactions Ordinance (https://www.gov.tc/agc/component/edocman/02-14-electronic-transactions-ordinance-2/viewdocument/1815?Itemid=) empowers the Governor to establish regulations governing the processing of personal data, regardless of its origin. As at February 2025, no such regulations have been implemented. In the absence of specific data protection legislation, organisations operating within TCI are encouraged to adopt robust data privacy practices. This includes obtaining explicit consent from individuals before collecting or sharing their personal information, especially when transferring data within corporate groups. For instance, employment contracts should include provisions that secure employee consent before sharing their data with other entities.
Other legislation, such as those related to anti-money laundering (https://www.tcifsc.tc/aml-ctf-legislation) and financial services (https://www.tcifsc.tc/financial-services-commission-legislation/), impose certain data handling and privacy obligations.
