The Cayman Islands Data Protection Act governs how a data controller may process, use and retain personal data. Anyone who falls within the definition of a “data controller” (such as a Cayman Islands investment fund) must now comply with eight data protection principles in relation to any personal data processed by the data controller. Where a data controller engages a third party (such as an administrator or investment manager) to process personal data on its behalf, the data controller must ensure the third party complies with the eight data protection principles. Download the PDF to read more.