Regional information technology consultancy firm Symptai Limited has called on companies to step up the pace of becoming data privacy compliant especially now when breaches of the Data Protection Act are set to take full effect.

The Data Protection Act, passed in June 2020, gave businesses a two-year period for implementation and is expected to come into effect this year. The Act contains discreet requirements for the handling of personal data of individuals, as well as specific obligations for businesses in the event of a data breach.

At a recent staging of its data privacy impact assessment webinar, Symptai Consultancy said that following the appointment of an information commissioner in Jamaica late last year along with the country being in its second-year implementation phase of the Data Protection Act, “data controllers (person or public authority that determines the purpose and manner for processing personal data collected from individuals) ought to now take steps towards compliance.”

“The extent of the law will not spare any entity as this Act has been forthcoming for some time. It is expected that the penalties for non-compliance will be much more in comparison to what it will take a company to get to that state of compliance. Additionally, this process cannot be done overnight; hence, we are imploring all entities affected by this Act to begin the process now,” the company urged.

Symptai, which prides itself as a leader in data privacy and protection in the region, also encouraged every data controller to establish a data privacy protection framework that will help to assess their readiness for the Act.

“A state of compliance for companies means registering with the office of the information commissioner, appointing a data protection officer, providing information related to what personal information is being processed, the purpose of gathering that information, how the information will be processed, and most importantly, to whom this data will be disclosed,” the firm noted.

The newly appointed Information Commissioner Celia Barclay, who also spoke at the webinar, charged decision-makers and IT professionals in attendance to make the necessary preparations towards getting their companies compliant, warning them of the possible fines and even prosecution that could be meted out for non-compliance.

“Though data controllers may seek to employ data processors to assist with the process, data controllers will still be liable for any breach as the duty lies within their realms. Failure to reach a state of compliance or a breach of the Act will see organisations liable for payouts not exceeding four per cent of their annual gross to the office of the information commissioner or up to $5 million in the case of an individual,” she noted.