The Data Protection Act, 2021 (Act No. 45 of 2021) of Belize

The Data Protection Act, 2021 (Act No. 45 of 2021) of Belize establishes the legal framework for regulating the collection, processing, use, and sharing of personal data. Its main aim is to safeguard the privacy rights of individuals and to ensure that entities handling personal data follow strict principles of fairness, lawfulness, transparency, and security.

Key features include:

• Data protection principles: Personal data must be processed lawfully, fairly, transparently, and securely; it should be collected for legitimate purposes, kept accurate, and not retained longer than necessary.
• Data subject rights: Individuals are granted rights such as access, rectification, erasure, restriction of processing, portability, objection to certain processing (including direct marketing), and protection from decisions made solely by automated processing.
• Special provisions: The Act has specific rules for children’s data, sensitive personal data (e.g. health, biometric, political opinions), and transfers of personal data outside Belize.
• Obligations: Data controllers and processors must adopt security measures, report breaches, conduct impact assessments, and designate data privacy officers in some cases.
• Oversight: A Data Protection Commissioner is established with powers of enforcement, supported by a Data Protection Tribunal for appeals.
• Exemptions: Certain exemptions apply for national security, crime prevention, journalism, research, and other specified areas.