Bermudas Personal Information Protection Act (PIPA), passed July 27, 2016, shares many of the more stringent requirements and protections with Europes impending General Data Protection Regulation (GDPR). There are, however, important differences between the two. Personal Information (PI) is defined as any information about an identified or identifiable individual. For the GDPR, personal data is any information relating to an identified or identifiable natural person and the definition of personal information varies by jurisdiction in the United States. PIPA applies certain key restrictions on the use of this broadly defined personal information, from the permitted use of personal information and the transfer of personal information outside of Bermuda. It also requires that organizations implement adequate safeguards to prevent data loss and unauthorized access. Those who do not comply could face fines not exceeding $250,000.
