
BZ
Data Protection Act 2021 Belize
Overview
The Data Protection Act 2021, is Belize's comprehensive regulation aimed at protecting the personal data of individuals. It establishes rules for the collection, processing, storage, and use of personal information, ensuring transparency and accountability from organizations handling such data. The law emphasizes the importance of respecting data subject rights and introduces mechanisms to safeguard sensitive personal data while promoting responsible data management practices.
Regulation Summary
- November 29, 2021 – The Belize Data Protection Act was enacted.
- November 30, 2021 – The law went into effect upon its publication in the Gazette.
- Businesses processing personal data of individuals in Belize.
- Organizations offering goods or services to Belizean residents, regardless of their location.
- Public and private entities handling personal data.
- National security and law enforcement agencies.
- Data processed for personal or household activities.
- Journalistic, artistic, or literary purposes under certain conditions.
- Obtain lawful consent before collecting personal data.
- Implement appropriate security measures to protect data.
- Provide transparency regarding data collection and usage.
- Limit data collection to what is necessary for the intended purpose.
- Report data breaches to the Belize Data Protection Authority without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. If notification is delayed, a justification must be provided.
- Display a clear privacy policy detailing data collection and usage.
- Implement cookie consent mechanisms where applicable.
- Allow users to access, rectify, or erase their personal data.
- Secure online transactions and stored customer data.
- Appointment of a Data Protection Officer (DPO) for businesses processing large volumes of personal data.
- Restrictions on cross-border data transfers, ensuring adequate protection standards.
- Mandatory data protection impact assessments for high-risk processing activities.
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Object
- Right to Data Portability
- The Belize Data Protection Authority oversees compliance and enforcement.
- Failure to comply with an Information, Special Information, or Enforcement Notice: Fine of up to BZD $5,000 (~USD $2,500).
- Providing false or reckless statements: Fine of up to BZD $20,000 (~USD $10,000).
- Additional restrictions on data processing activities.