Revised Laws of Saint Lucia (2022)

53.   Compliance with request for access to personal data

  1.  

    (1)   Subject to this section and section 54 and to the payment of the prescribed fee, a data controller shall comply with a request under section 52 not later than 30 days after the receipt of the request.

  1.  

    (2)   Where a data controller is unable to comply with the request within the period specified in subsection (1), the data controller shall before the expiry of the specified period —

    1.  

      (a)     inform the data subject or the relevant person who has made the request on behalf of the data subject, that the data controller is unable to comply with the request and shall if required state the reasons for the data controller's inability to comply; and

    1.  

      (b)     obtain an extension of time from the data subject or relevant person or endeavour to comply with the request in such time as may be mutually agreed between the data subject or relevant person and the data controller.

  1.  

    (3)   If the parties do not, within 48 hours of the data subject or relevant person being informed under subsection (2)(a), agree to an extension of the 30 days, the data controller shall apply to the Commissioner without delay, and the Commissioner shall, without delay, fix a new deadline for compliance.