Data Protection Act 2021 Belize

    Overview

    The Data Protection Act 2021, is Belize's comprehensive regulation aimed at protecting the personal data of individuals. It establishes rules for the collection, processing, storage, and use of personal information, ensuring transparency and accountability from organizations handling such data. The law emphasizes the importance of respecting data subject rights and introduces mechanisms to safeguard sensitive personal data while promoting responsible data management practices.

     

    Regulation Summary

    Timeline
    • November 29, 2021 – The Belize Data Protection Act was enacted.
    • November 30, 2021 – The law went into effect upon its publication in the Gazette.
    What Businesses Are Affected
    • Businesses processing personal data of individuals in Belize.
    • Organizations offering goods or services to Belizean residents, regardless of their location.
    • Public and private entities handling personal data.
    Exemptions
    • National security and law enforcement agencies.
    • Data processed for personal or household activities.
    • Journalistic, artistic, or literary purposes under certain conditions.
    Responsibilities for Businesses
    • Obtain lawful consent before collecting personal data.
    • Implement appropriate security measures to protect data.
    • Provide transparency regarding data collection and usage.
    • Limit data collection to what is necessary for the intended purpose.
    • Report data breaches to the Belize Data Protection Authority without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. If notification is delayed, a justification must be provided.
    Specific Responsibilities for Website Owners
    • Display a clear privacy policy detailing data collection and usage.
    • Implement cookie consent mechanisms where applicable.
    • Allow users to access, rectify, or erase their personal data.
    • Secure online transactions and stored customer data.
    Additional Requirements
    • Appointment of a Data Protection Officer (DPO) for businesses processing large volumes of personal data.
    • Restrictions on cross-border data transfers, ensuring adequate protection standards.
    • Mandatory data protection impact assessments for high-risk processing activities.
    Data Subject Rights
    • Right to Access
    • Right to Rectification
    • Right to Erasure
    • Right to Object
    • Right to Data Portability
    Fines
    • The Belize Data Protection Authority oversees compliance and enforcement.
    • Failure to comply with an Information, Special Information, or Enforcement Notice: Fine of up to BZD $5,000 (~USD $2,500).
    • Providing false or reckless statements: Fine of up to BZD $20,000 (~USD $10,000).
    • Additional restrictions on data processing activities.
    •  
    illustration of contact means

    Questions?

    If you would like to learn more, our compliance experts are happy to support you.

    Leave us a Message
    support@clym.io
    +1 980 446 8535 +1 866 275 2596