Revised Laws of Saint Lucia (2022)

Schedule 2

(Section 32(1))

DATA PROTECTION PRINCIPLES

  1.  

    (a)     First Principle – Collection Limitation Principle: Personal data shall be processed fairly and lawfully in accordance with section 33.

  1.  

    (b)     Second Principle – Purpose Specification Principle: Personal data shall be obtained only for one or more specified and lawful purposes, which purpose shall be specified not later than at the time of data collection, and such personal data shall not be further processed in any manner incompatible with that purpose or those purposes in accordance with sections 33 and 41.

  1.  

    (c)     Third Principle – Data Quality Principle: Personal data shall be relevant and not excessive in relation to the purposes for which they are to be processed and, to the extent necessary for those purposes, shall be accurate, complete and up-to-date in accordance with sections 40 and 41.

  1.  

    (d)     Fourth Principle – Use Limitation Principle: Personal data shall not be disclosed, made available or otherwise used for purposes other than those specified under this Act and such personal data processed for any purpose shall not be kept longer than is necessary for that purpose or those purposes in accordance with sections 41, 42 and 44.

  1.  

    (e)     Fifth Principle – Security Safeguard Principle: Personal data shall be protected by reasonable security safeguards and appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against such risks as accidental loss, unauthorized access, use, modification, or destruction of data in accordance with section 33.

  1.  

    (f)     Sixth Principle – Accountability Principle: A data controller shall be accountable for complying with measures which give effect to the data protection principles and shall ensure that personal data is processed in accordance with the rights of the data subject under this Act in accordance with section 33.

  1.  

    (g)     Seventh Principle – Individual Participation Principle: A data subject shall have the right to know what data is held about him by a data controller and shall have a right to ensure that all reasonable measures are taken to complete, correct, block, erase or annotate data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed in accordance with sections 33 and 56.

  1.  

    (h)     Eighth Principle – Transfer of Data Principle: Personal data shall not be transferred to a country or territory outside the State unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data in accordance with section 45.

CHAPTER 8.18
DATA PROTECTION ACT

SUBSIDIARY LEGISLATION

No Subsidiary Legislation