Jamaican Data Protection Act

What is the Jamaican Data Protection Act?

The Jamaican Data Protection Act 2020 is a comprehensive data privacy law passed in Jamaica in 2020 with the data privacy and security of Jamaican citizens in mind. The Act is similar to other major data privacy laws passed in recent years, such as the EU’s General Data Protection Regulation (GDPR) and Brazil’s General Data Protection Law (LGPD).

The Jamaican Data Protection Act creates the legal blueprint for how data within Jamaica should be collected and processed. It also sets the framework for penalties that can be imposed on individuals and organizations who do not comply with the guidelines of this Act.

What qualifies as personal data?

The Act defines "data" as any personal information relating to a living individual. A "data subject" is an identifiable individual who is the subject of that personal information, or any identifiable individual who has been deceased for less than 30 years.

Types of data:

  • Biometric data
  • Race, gender, ethnic origin
  • Trade union membership
  • Political and religious ideology
  • Physical or mental health records
  • Sex life
  • Commission of offense or proceedings related to commission of the offense

Jamaican Data Protection Act standards

According to the Jamaican Data Protection Act 2020, all data controllers operating within Jamaica are expected to comply with the following guidelines:

  • Fair and lawful processing

    Personal data must only be processed if the data subject consents to the processing of data and this consent has not been withdrawn. For the processing of sensitive data, this consent must be in writing.

  • Obtained only for specified, lawful purposes

    Data should be collected only for specified and lawful purposes and shall not be processed in any manner that is incompatible with those purposes.

  • Data quality

    Personal data collected must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

  • Accurate and up to date

    The data must be accurate and, wherever necessary, kept up to date.

  • Limited retention

    Personal data processed for any purpose shall not be kept for longer than is necessary.

  • Processed in accordance with the rights of data subjects

    Personal data must be processed in accordance with the rights of data subjects; further, a person shall be regarded as contravening the Act by processing personal data for purposes of direct marketing without the consent of the data subject.

  • Protected by appropriate technical and organizational measures

    Appropriate technical and organizational measures will be taken against unauthorized or unlawful processing and accidental loss or destruction of or damage to personal data.

  • International transfers

    Personal data must not be transferred to a state or territory outside of Jamaica unless that state or territory ensures an adequate level of protection for the rights and freedoms of the data subjects.

Complying with the Jamaican Data Protection Act of 2020

With ManageEngine's comprehensive suite of IT management solutions, you can ensure that compliance requirements such as data collection, data security, and audits are met with the utmost care and attention to detail. With our solutions, Data Protection Act compliance will seem like a cool summer breeze on the sandy shores of Kingston.

Fair and lawful processing

How your organization can help

Appoint an information officer who will bear the responsibility of ensuring compliance when it comes to data processing and collection. Ensure that the data subject provides written consent to the processing of their data.

How IT can help

Identity and access management tools will help to establish role-based access controls so that only authorized personnel will be able to handle sensitive data.

How ManageEngine can help

Access Manager Plus: Create custom roles with preset permissions to ensure users have only the required access to perform their tasks.

M365 Manager Plus: Establish role-based access control for Microsoft 365 administration.

Endpoint Central: Grant permissions of your choice based on multiple predefined and/or tailor-made roles using role-based access control.

AD360: Select any combination of management, auditing, reporting, and alerting tasks concerning AD and Microsoft 365, and delegate them by creating custom help desk roles.

Obtained only for specified, lawful purposes

How your organization can help

Collect and store only the data that is required for a specific and lawful purpose, and process this data only within lawful means.

How IT can help

Locate and delete junk data, including obsolete and duplicate files, using data discovery tools.

How ManageEngine can help

Data Security Plus:

- Identify anomalous data access, collection, modification, and deletion.
- Locate and delete junk data, including stale, duplicate, and orphaned files.

Data quality

How your organization can help

Personal data collected must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

How IT can help

Use a real-time alert mechanism to be notified about unauthorized access, modification, or deletion of files with confidential data.

How ManageEngine can help

Endpoint Central:

- Keep personal and corporate data separate on your devices.

- Delete users' personal data from your servers, revoking access to that data.

Password Manager Pro: Prevent unauthorized users from exploiting privileged access to personal data repositories.

ADAudit Plus: Audit events to identify unauthorized permission changes related to personal data.

Data Security Plus:

- Identify users with full control access to files shared on Windows.

- Locate all files and folders shared with multiple users.

PAM360: Ensure that only authorized users can remotely access sensitive data for specific time periods.

Accurate and up to date

How your organization can help

Ensure that the data collected and stored is accurate and regularly updated.

How IT can help

Schedule regular scans and audits to monitor the integrity of the data and periodically delete outdated data.

How ManageEngine can help

Endpoint Central: Schedule device scans to ensure the availability and integrity of personal data.

Data Security Plus: Monitor and delete incorrect or outdated data.

Browser Security Plus: Scan your active browsers to ensure that personal data stored as cookies or sessions is protected.

Endpoint DLP Plus: Quickly recall information on data subjects when requested for modification or deletion.

Limited retention

How your organization can help

Data kept for long periods of time should be deleted when it reaches the storage threshold.

How IT can help

Locate and audit databases to keep the data relevant and delete outdated records.

How ManageEngine can help

Data Security Plus: Identify, locate, and delete incorrect or outdated data.

Log360: Audit databases to determine how long data has been stored and delete records once the storage threshold is reached.

Processed in accordance with the rights of data subjects

How your organization can help

Data subjects should be informed when their personal data is being processed for direct marketing. They also have the right to rectify any inaccuracy in this data as well as request the erasure of their data.

How IT can help

Monitor data activity and access, and notify your data security officer if the integrity of the data has been compromised.

How ManageEngine can help

Endpoint Central: Gain visibility into users or devices accessing business services and data.

Log360: Send alerts when unauthorized access attempts are made.

EventLog Analyzer: Audit all activity on systems that store personal data, monitor changes made to the data, and notify security admins if the integrity of the data has been compromised.

Data Security Plus:

- Audit file and folder actions to maintain an audit trail of accesses.

- Trigger email alerts to admins when suspicious activity is detected.

- Detect and contain ransomware to prevent data loss.

- Detect and prevent the leakage of business-critical files via USB devices or email.

Endpoint DLP Plus: Limit data access to essential and relevant personnel based on security clearance and task-specific needs.

Protected by appropriate technical and organizational measures

How your organization can help

Technical and organizational measures must be taken to ensure the integrity, confidentiality, and security of data, and also to prevent unauthorized or unlawful processing of data, as well as destruction or damage to data.

How IT can help

Detect vulnerabilities and unknown external attacks using custom correlation rules in log management tools.

How ManageEngine can help

Endpoint Central:

- Check periodically if your organization's assets are compliant with corporate configurations.

- Securely distribute business-critical documents to authorized individuals and devices.

ADManager Plus: Email or export reports whenever required for security assessments and audits.

Endpoint DLP Plus: Generate reports with actionable insights to audit sensitive information and its applicable policies.

International transfers

How your organization can help

Data transfer outside of Jamaica must only be done to those states and territories that ensure protection for the rights and freedoms of the data subjects.

How IT can help

Monitor, authorize, or block all data activity, including movement of data between devices, to identify potential breaches ahead of time and ensure data security.

How ManageEngine can help

Endpoint Central: Set alerts in case a device does not check in with the server over a predefined period of time.

Log360: Centralize and correlate security data to identify potential data breaches instantly.

Data Security Plus:

- Monitor and block the movement of personal data to USB devices or as email attachments.

- Reduce incident response time with instant alerts.

- Generate alerts and reports on unwanted access or anomalies in file access and modification.

- Maintain a document of all file and folder deletion actions.

Endpoint DLP Plus: Configure policies to restrict the movement of sensitive information to peripheral devices.


Disclaimer

Fully complying with the Jamaican Data Protection Act requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some of the ways in which IT management tools can help with some of the Act's requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions help achieve and sustain compliance with the Act. This material is provided for informational purposes only and should not be considered as legal advice for Jamaican Data Protection Act compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.