Running a Compliant Business
International Data Transfers
When using overseas tools or storage counts as an international transfer, and what the Act expects you to do about it.
What you will learn
- What counts as an international transfer
- What the eighth standard requires
- How everyday cloud tools are affected
- Practical steps to transfer data responsibly
Overview
Most businesses use tools hosted overseas without thinking about it: email, cloud storage, accounting software, marketing platforms. When personal data lives or is processed outside Jamaica, that is an international transfer, and the Act has something to say about it.
Why this matters
Data sent abroad can fall under different rules and protections. The Act wants to make sure your customers' data stays protected even when it leaves Jamaica. Since so many everyday tools are hosted overseas, this affects almost every business.
What counts as a transfer
A transfer happens whenever personal data is stored or processed outside Jamaica. That includes:
- cloud storage and email hosted abroad
- overseas software and platforms that hold your data
- backups kept on overseas servers
- a head office or partner abroad accessing the data
What the law says
The eighth standard (within sections 22 to 31) says personal data should not be transferred outside Jamaica unless there is appropriate protection for it. The Act sets the framework; the specific safeguards that satisfy it should be confirmed against the Act and current guidance.
Everyday cloud tools
Common platforms such as international email, storage, and marketing tools usually involve transfers. That does not make them off-limits, but you should:
- know where your data is stored
- check the provider's protection and terms
- disclose the transfer in your privacy notice
Practical steps
- List the tools and providers that hold your personal data.
- Note which store or process data outside Jamaica.
- Check each one's data location and protection.
- Update your privacy notice to mention overseas transfers.
Common mistakes
- Assuming "the cloud" has no location.
- Forgetting that overseas backups are transfers.
- Saying nothing about transfers in the privacy notice.
Best practices
- Map where your data actually lives.
- Prefer providers that are clear about data location and protection.
- Be transparent with customers about transfers.
Put this into practice
Make sure your notice tells people about any overseas transfers.
Update your privacy noticeFrequently asked questions
Key takeaways
- Storing or processing data outside Jamaica is an international transfer.
- The eighth standard requires appropriate protection for transferred data.
- Many everyday cloud tools involve transfers, so check them.
- Be transparent in your privacy notice about overseas transfers.
