In today’s quickly changing digital landscape, data protection has become a key priority for many organizations worldwide. Here is Jamaica, with the introduction of the Data Protection Act, 2020 (DPA), the requirements for compliance are clearly articulated. At the heart of this compliance effort is the within the Real Estate Board/Commission of Strata Corporations (REB/CSC) is the Data Protection Oversight Committee (DPOC), which is a dedicated body tasked with supporting the internal framework to safeguard sensitive information and ensure compliance with privacy regulations. We will look briefly at the roles and responsibilities of the DPOC, its current priorities, and an update on the state of our organization’s data protection framework.

Roles and Responsibilities of the DPOC

 The DPOC is expected to play a crucial role in shaping and overseeing our data protection strategy. Comprised of senior executives, legal advisor, IT expert, and the Data Protection Officer (DPO), the ensures the organization is on a path to meeting its regulatory requirements under the DPA.

Among its key responsibilities, the DPOC is tasked with reviewing data protection policies, contributing to the execution of risk assessments, and overseeing the organisation’s data protection incident response approach. This includes ensuring timely reporting of breaches and recommending corrective actions to prevent future occurrences. The DPOC will also contribute to monitoring third-party compliance, ensuring external vendors adhere to the same strict data protection standards. Additionally, the committee will contribute to the development of continuous staff training, ensuring that all employees are aware of their role in protecting personal data.

Major Priorities of the DPOC

 As the data privacy landscape becomes increasingly complex, the DPOC’s priorities are focused on two key areas. First, strengthening data governance is essential for clearly defining roles and responsibilities within the organization. This involves developing or refining data classification protocols and ensuring proper access controls are in place to protect sensitive information.

Second, the DPOC is prioritizing privacy by design and default by embedding data protection principles into all new systems and processes. This means conducting Data Protection Impact Assessments (DPIAs) for any new projects involving personal data, ensuring that privacy is considered at every stage of development.

State of Our Data Protection Framework

 Our organization’s data protection framework is on the path to being in a strong position. We are registered with the Office of the Information Commissioner (OIC) and are on our way to being fully compliant with the DPA with no major incidents to report since registration. A recent internal audit identified minor gaps in our operational and data retention practices, which are being addressed with policy updates. Additionally, the DPOC will continue to oversee the implementation of key security enhancements further securing our data environment. Looking ahead, the DPOC remains committed to addressing emerging risks, strengthening our data governance, and ensuring ongoing compliance to protect the organization and its stakeholders.