The Data Protection DPA Enters into Force in the BVI

1
Welcome to
The Data Protection DPA Enters into Force in the
BVI
2
In April 2021, the British Virgin Islands (BVI)
government passed the Data Protection Act (DPA).
The DPA became effective 9 July 2021. (Though
BVI is a United Kingdom territory, it is not
subject to Europes General Data Protection
Regulation GDPR).

• The DPAs main goals
• protect the personal data that public and private
  bodies process.
• boost personal data processing transparency and
  accountability.
• Essentially, the DPA applies to any person or
  entity that processes, authorises, or administers
  personal data regarding commercial transactions,
  so long as that person is either
• situated in the BVI and processes personal data
  or employs or otherwise engages another
  individual to process personal data for them, on
  their behalf, regardless of whether such is for
  their business purposes.
• located outside the BVI, but uses BVI devices for
  processing personal data (other than for transit
  through BVI).

3

• DPA Main Definitions and Provisions
• The DPAs main definitions and provisions are as
  follows
• A data controller is a person who directly
  processes and maintains or engages others to
  process or maintain control over the processing
  of personal data.
• A data processor is a person who processes data
  for a data controller, but is not the data
  controllers employee.
• A data controller may process adequate but not
  excessive quantities of personal data, only when
  such relates to a data controllers activities
  and when such is for a lawful purpose, and only
  with the individuals direct consent.
• If processing is required to prepare a
  performance contract, to carry out legal duties,
  for the administration of justice, or to protect
  an individuals essential interests, express
  consent is not required.

4

• Data controllers must take practical steps to
  validate the accuracy of the personal data they
  process, make sure it is current, retain it, and
  protect it. And, when the personal data is no
  longer necessary, they must then delete the
  personal data.
• Data controllers may only process personal data
  outside BVI when sufficient safeguards exist or
  if the individual consents.
• Unless an individual provides consent or a law
  requires disclosure, a data controller shall not
  process sensitive personal data. Such includes
  an individuals mental and physical health,
  political beliefs, religious views, and sexual
  orientation.

5

• Steps for BVI Individuals and Entities
• BVI individuals and entities that are not data
  controllers or data processors need not take any
  further steps. Those that are should
• Gather consents.
• Draft privacy notices.
• Obtain third-party data processor approvals.

The DPA contains other important rules,
regulations, and definitions. If you are a BVI
data controller or data processor, it is
important that you seek expert advice in order to
clearly understand and comply with the DPA.
6
CCP Financial Consultants Limited CCP Financial
Consultants Limited (CCP) is a BVI based,
multidisciplinary financial services firm
dedicated to providing premium financial
solutions to clients around the world. It
understands BVIs rules and regulations and its
government structure, so it can help your
business navigate them when you do business in
the BVI.
CCP also offers Company Management, BVI Licenced
Insolvency Services, BVI Voluntary Liquidation
Services, Accounting Service in BVI, Bank Account
Opening Service in BVI, Company Incorporation
Service in BVI, Company Formation in BVI, BVI
Registered Agent, BVI Offshore Company, Ship
registration in BVI, and Economic Substance
Services. Please visit the website and if
required you can schedule a consultation for more
information.
7
Contact us
CCP financial consultants limited E-mail
mail_at_ccpbvi.com Website ccpbvi.com Ph no. 1
(284) 494-6777
Thank you for watching