Personal Data Protection Act BES

Very many organizations use and exchange personal data. The main rules for dealing with personal data in the Caribbean Netherlands have been laid down in the BES Personal Data Protection Act.

The Personal Data Protection Act BES (PDPA BES) is based on the Dutch Personal Data Protection Act (PDPA) and has been in force since October 10, 2010. Read more about theĀ Enactment of the PDPA BES.

The PDPA BES also regulates the duties and powers of the Commission Supervision Personal Data Protection BES. Under the PDPA BES, the Commission was created as an independent supervisory authority.

Main Provisions of the PDPA BES
The main provisions of the PDPA BES on the lawful treatment of personal data can be summarized as follows:

  • Personal data may only be processed in accordance with the law and in a proper and careful way.
  • Personal data may only be collected for specified, explicit, and legitimate purposes. Next, they may only be further processed for purposes compatible with such purposes.
  • The individual whose personal data are being processed (called the “data subject”) should, at a minimum, be informed of the identity of the organization or person processing those data (the so-called data controller) and of the purpose of the data processing.
  • The data processing should be adequately secured. Special data, such as data about race, health, and religious beliefs, are subject to extra strict rules.

An explanation of the PDPA BES can be found in the Explanatory Memorandum to the PDPA (which also applies to the PDPA BES).