Privacy Law at Grenada

11 Apr 2025 --
0 Comments

Grenada enacted its Data Protection Act, No. 1 of 2023 (GDPA), which received assent in May 2023, establishing a comprehensive legal framework for the processing of personal data.

Key Features of Grenada's Data Protection Act

1. Scope and Application

Material Scope The GDPA applies to personal data processed in the course of commercial transactions within Grenad.

Territorial ScopeThe Act does not specify provisions for international data transfers, potentially limiting its application to data processed within Grenada's border.

2. **Data Subject Rights*

The GDPA grants individuals the following rights regarding their personal data:

Access Right to obtain confirmation of data processing and access to personal data hel.

Rectification Right to request correction of inaccurate or incomplete dat.

Notice and Choice Right to be informed about data collection purposes and to consent t data processin.

Disclosure Right to know with whom personal data is share.

Retention Right to ensure data is not kept longer than necessar.

Security Right to have data protected against unauthorized acces.

Data Integrity Right to ensure data is accurate and up to dat.

Access to Personal Data Right to access personal data held and request rectification if necessar.

3. **Exemptions*

The GDPA outlines specific exemptions, includin

Law Enforcement Processing for crime prevention, tax collection, and anti-money laundering purpose.

Journalistic, Literary, or Artistic Purposes Processing for these purposes is exempt from certain provisions, provided it serves the public interest and freedom of expression.

4. **Information Commission*

The Act establishes an Information Commission comprising three members with expertise in data protection, law, and information technolog. The Commission's functions includ:Monitoring compliance with the GDP. Advising public and private bodies on their obligation.Receiving and investigating complaint.Conducting educational programs to promote understanding of the Act.

5. **Enforcement and Penalties*

The GDPA imposes penalties for non-compliance, includin:

Individuals Fines up to EC$50,000 or imprisonment for up to 3 years (summary offense); up to EC$100,000 or imprisonment for up to 5 years (indictable offense.

Corporate Bodies Fines up to EC$250,000 (summary offense); up to EC$500,000 (indictable offense.

6. **Corporate Liability*

The GDPA holds senior leadership accountable for breaches, ensuring that corporate entities operate with due diligence in data protection matter.

🛡️ Summary

Grenada's Data Protection Act, No. 1 of 2023, establishes a foundational legal framework for data protection, emphasizing individual rights and organizational accountabiliy While the Act provides essential protections, its limited scope and lack of provisions for international data transfers may necessitate future amendments to align with global data protection standars.