Barbados: Processing by Entity Registered or Incorporated in Jurisdiction
The Processing by Entity Registered or Incorporated in Jurisdiction factor is used to determine the scope of applicability of the data protection law in Barbados by specifying that the law applies to data processing activities carried out by controllers or processors that are legally incorporated, registered, or have their corporate seat within Barbados.
Text of Relevant Provisions
Barbados Data Protection Act 2019 Art.3(2):
"For the purposes of subsection (1) “established in Barbados” means:a) an individual who is ordinarily resident in Barbados;b) a body, association or other entity incorporated, organised, registered or otherwise formed under any enactment; orc) a person who does not fall within paragraph (a) or (b) but maintains in Barbados an office, branch or agency through which he carries on any activity related to the processing of personal data." Original (English): No additional language provided.
Analysis of Provisions
The provision under Barbados Data Protection Act 2019 Art.3(2) defines what it means to be "established in Barbados" for the purposes of the law's applicability. This includes individuals who are ordinarily resident in Barbados, entities incorporated or registered under Barbadian law, and entities that maintain an office, branch, or agency in Barbados for data processing activities.
The use of the phrases "an individual who is ordinarily resident in Barbados", "a body, association or other entity incorporated, organised, registered or otherwise formed under any enactment", and "a person who does not fall within paragraph (a) or (b) but maintains in Barbados an office, branch or agency through which he carries on any activity related to the processing of personal data" emphasizes the territorial and legal aspects of the law's applicability, focusing on entities that have a legal presence or conduct data processing activities within Barbados.
Implications
For businesses, this means that any entity that is legally incorporated, registered, or maintains an office, branch, or agency in Barbados for data processing activities must comply with the data protection law. This includes adhering to the principles of lawful processing, ensuring data subjects' rights are respected, and implementing appropriate security measures to protect personal data.
Examples of cases where the law applies due to this factor include:
- A company incorporated in Barbados processing customer data.
- A branch of a foreign company located in Barbados handling employee personal data.
Conversely, the law does not apply to entities that are not established in Barbados unless they process personal data of data subjects in Barbados and such processing activities relate to the offering of goods or services to data subjects in Barbados, as specified in Art.3(1)(b).