top of page

Official date of full PIPA implementation announced

Updated: Sep 27, 2023

16 June 2023

In a joint press conference yesterday, the Bermuda Government and the Office of the Privacy Commissioner for Bermuda (PrivCom) announced the official date when the Personal Information Protection Act (PIPA) 2016 will be implemented.

At the moment, the following administrative provisions are in force, enabling the appointment of the Privacy Commissioner and the creation of PrivCom: sections 1, 2, 26, 27, 28, 29, 35, 36, 51 and 52. The commencement date for the remaining clauses of PIPA will be 1 January 2025.

The law will be brought into full effect on 1 January 2025. This means that organisations in Bermuda that use personal information have 18 months to prepare for the full implementation of Bermuda’s data privacy law.

Many organisations already comply with similar provisions, due to the European Union (EU)’s General Data Protection Regulation (GDPR), which came into force 25 May 2018, and the global pandemic, which saw many aspects of our work and lives move online. Many jurisdictions similar to Bermuda already have data protection and privacy provisions, including small jurisdictions such Gibraltar, Isle of Man, Jersey, Cayman, and others.

With an 18-month window, PrivCom will guide organisations with a phased action plan. Commissioner White said: “We now have an 18-month window for organisations to prepare for PIPA. This course of action has my support, and we have worked closely with our Government colleagues to determine this implementation window. With a single fixed, universal date we can provide legal certainty and avoid confusion about deadline.”

PrivCom will continue to work across the community with organisations to help them understand the requirements and to ensure the adoption of PIPA and a smooth transition. Our office will be working with all kinds of businesses, small and large, to help ensure a smooth transition.

At PrivCom, we have a variety of resources available, including video training, such as on the basics of “Privacy & PIPA” and more detailed written explainers on key topics, such as:

PrivCom is continuing to produce guidance and will shortly publish a comprehensive “Guide to PIPA” that has dozens of pages of tips, checklists, and other pieces of advice. Even more guidance is coming, on specific topics such as what privacy means in the employment context and detailed guides for individuals on their rights.

PrivCom works closely with our regulatory partners both here in Bermuda and in jurisdictions around the world, such as the UK, Canada, and US, to ensure consistency and interoperability with their requirements.

PrivCom’s outreach in 2024 will be dedicated to guiding organisations in the community through the steps they need to meet the privacy rules of PIPA. Starting on Data Privacy Week in January 2024, we will provide the community with specific goals and actions to take each month as part of a phased action plan that puts the process of privacy compliance in bite-sized proportions.

Organisations need time to plan, so providing these sorts of concrete action steps will allow the community to progress together.

Commissioner White concluded: “I’ve often said that privacy is a journey, not a destination. We as a community are all on the Road to PIPA together, and I hope the public takes away from this discussion an understanding that they will have our office’s support each and every step of the way.”


bottom of page