Will a Data Controller who does not comply with the requirements of the act be penalized? | Office of the Information Commissioner, Jamaica

Submitted by admin on 12 August 2023

Yes. The act provides various penalties for non-compliance with the data protection standards and other breaches of the act. These include both fines and imprisonment which vary, depending on the severity of the offence or impact of the breach. The penalties are imposed on the data controller who is given the obligation of protecting data subjects’ personal data, not on the Data Protection Officer who is tasked with monitoring the controller’s compliance with the DPA.

The Enforcement Mechanisms are:
Failure to comply with these obligations may leave the data controller subject to:

The data controller being served by the Commissioner an Enforcement Notice,
Assessment Notice, Information Notice, or a Fixed Penalty Notice
Criminal Prosecution -
i. An individual may be subject to imprisonment or fine;
ii. A body corporate may be subject to a fine not exceeding 4% of the annual gross worldwide turnover of the body corporate.

Civil suit – an individual who suffers damage because of any contravention by a
the data controller of any of the requirements of the Act is entitled to compensation from the data controller for that damage.

About OIC

Our Services

Contact the OIC