Revised Laws of Saint Lucia (2022)

45.   Transfer of personal data

  1.  

    (1)   Subject to subsection (2), a data controller shall not transfer personal data to a country or territory outside Saint Lucia unless —

    1.  

      (a)     the country or territory to which the personal data is being transferred has comparable safeguards to those in Saint Lucia for the protection of the rights and freedom of the data subject in relation to the processing of personal data; and

    1.  

      (b)     the Commissioner has authorized the data controller to transfer the personal data to the country or territory outside Saint Lucia.

  1.  

    (2)   Subsection (1)(a) does not apply if —

    1.  

      (a)     the data subject has given his or her consent to the transfer;

    1.  

      (b)     the transfer is necessary —

      1.  

        (i)     for the performance of a contract between the data subject and the data controller, or for the taking of steps at the request of the data subject with a view to entering into a contract with the data controller,

      1.  

        (ii)     for the conclusion of a contract between the data controller and a person, other than the data subject, which is entered at the request of the data subject, or is in the interest of the data subject for the performance of such a contract, or

      1.  

        (iii)     to safeguard national security or where section 56 applies;

    1.  

      (c)     the matter concerns public security; or

    1.  

      (d)     the transfer is made on such terms as may be approved by the Commissioner as ensuring the adequate safeguards for the protection of the rights of the data subject.