top of page

What will happen if I don't comply with PIPA?

Privacy regulation ensures that entities cannot misuse people’s personal information, or allow it to be vulnerable by getting lost, damaged or stolen without repercussions. When personal information lands in the wrong hands, individuals can be harmed and, in some instances, they can become victims of identity theft, discrimination, or physical harm.   


It's important for SMEs to take steps to comply with data privacy and protection laws, both local and global regulation. If you don’t prioritise this, your entity could receive a complaint and PrivCom may need to investigate and potentially take action against your organisation and/or staff that may be involved in the misuse of personal information activity.


The work of the Engagement Unit at PrivCom is to support organisations with privacy & data protection best practices and managing privacy rights. Whilst some parts of PIPA are not in operation, ten parts came into operation on 2nd December 2016 and a phased implementation has been announced in the November 2022 Throne Speech, so many SME organisations in Bermuda are focused on the spirit of PIPA regulation to be proactive with privacy compliance.

What motivates some organisations to focus today on privacy compliance?

  • Entities that value customers, staff and stakeholders adopt the principles of privacy by design and default as a key approach to privacy compliance. This means that they understand the benefits of proactive steps to create, develop and manage privacy rights and compliance across their entity.

  • Organisations that have innovation as a core value are dedicated to  

  • Some are choosing to do this because they have clients, suppliers or business partners that operate in jurisdictions that have privacy regulations in operation and do not wish to jeopardise the relationship they've established.

  • Others understand that there may be a number of steps required before compliance can be met and recognise that the best thing to do is face the cultural, organisational and technical changes head on with free support from the island's privacy regulatory authority, PrivCom.


PrivCom's free services are a timely value-add for entities that require support due to limited resources, unique business models or operating practices, or to ensure that they are following best practices. Our Engagement Team is a dedicated support for small organisations. We offer a range of training, guidance, consultancy, in addition to the suite of toolkits, bite-sized guides and other tailored resources in circulation or under development for small organizations.

Get in touch at

bottom of page