At DataPro Caribbean (DPC), we value and respect your privacy. That’s why we’re making it easier for you to understand your rights and responsibilities under Jamaica’s Data Protection Act (JDPA). Our Resource Page provides the key information and tools you need to protect personal data and stay compliant.
Data Protection Principles
Under the JDPA, personal data must be:
- Processed lawfully and fairly
- Collected for specified, lawful purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Not stored longer than necessary
- Processed in accordance with the rights of data subjects
- Protected with appropriate technical and organizational measures
- Not transferred to another country unless it ensures an adequate level of protection
Know Your Rights
As a data subject, you are entitled by law to the following rights:
Right to Be Informed
You can ask, free of charge, whether we process your personal data and receive a description of:
- The data we hold for you
- The purposes for which we process it
- Any third parties with whom we may share it
Right to Rectification
You may request that we correct any inaccuracies in your data. We must also notify third parties with whom your data has been shared.
Right to Access and Portability
You can request, for a fee, a copy of your personal data and its source. You may also request to transfer your data to another controller, where technically feasible.
Right to Be Informed of Automated Processing
If automated decision-making is used (e.g., credit checks), you have a right to know the logic behind the process and object to any such decisions made solely on that basis.
Right to Withdraw Consent & Object to Processing
You can withdraw your consent at any time to direct marketing. You may also request that we stop processing your data in certain cases, like when it causes unwarranted distress or is incomplete/irrelevant.
JDPA: Data Protection & Risk Detection Checklist
- Research your firm’s exact responsibilities under the JDPA
- Create a compliance action plan
- Conduct a risk assessment of all data processing systems and third-party vendors
- Use technology designed to prevent data loss and detect risk
- Appoint a Data Protection Officer if needed
- Remove sensitive metadata from files before sharing or uploading
- Identify where sensitive data is stored and ensure it is protected
- Educate staff and users on data sharing risks
- Get expert advice to ensure full JDPA compliance
Consent Requirements Under the JDPA
Consent must be:
- Given by a clear affirmative action
- Freely given, specific, informed, and unambiguous
- Proven by the data controller
- Withdrawn as easily as it is given
Consent must not:
- Be inferred from silence, pre-ticked boxes, or inactivity
- Be a condition for receiving a service unnecessarily
- Use unclear or confusing language
- Be bundled with other terms and conditions
