Interpretation

2.                      In this Act

"accessible public record" means any record that is kept by a public authority and to which members of the public are given access;

"accessible record" means

(a)     a health record;

(b)     an educational record; or

(c)      an accessible public record;

" biometric data" means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of an individual, which allow or confirm the unique identification of that individual;

"child" means a person who is under the age of 18 years;

"Commissioner" means the Data Protection Commissioner referred to in section 70;

"consent" in relation to a data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him;

“data” means information that

(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose;

(b) is recorded with the intention that it should be processed by means of such equipment;

(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system;

(d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record; or

(e) does not fall within paragraph (a), (b), (c) or (d) but is recorded information held by a public authority;

“data controller” means

(a) a person who alone, jointly or in common with others determines the purposes for which, and the manner in which, any personal data is or should be processed; or

(b) where personal data is processed only for the purpose for which the data is required by or under an enactment to be processed, the person on whom the obligation to process the data is imposed by or under an enactment;

“data privacy officer” means a person designated as such pursuant to section 67;

“data processor” means any person, other than an employee of a data controller, who processes personal data on behalf of the data controller;

“data subject” means an individual who is the subject of personal data;

“genetic data” means personal data relating to the inherited or acquired genetic characteristics of an individual which gives unique information about the physiology or the health of that individual and which result, in particular, from an analysis of a biological sample from the individual;

“health care professional” includes a person who is registered under

(a) the Medical Professions Act (Act 2011-1);

(b) the Dental Registration Act, Cap. 367;

(c) the Nurses Act, Cap. 372 or enrolled under that Act;

(d) the Pharmacy Act, Cap. 372D; and

(e) the Paramedical Professions Act, Cap. 372C;

“health record” means any record which

(a) consists of information relating to the physical or mental condition of an individual; and

(b) has been made by or on behalf of a health care professional in connection with the care of the individual;

“personal data” means data which relates to an individual who can be identified

(a) from that data; or

(b) from that data together with other information which is in the possession of or is likely to come into the possession of the data controller;

“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

“process” in relation to information or data, means to obtain, record or hold the information or data or carry out any operation or set of operations on the information or data, including the

(a) organization, adaptation or alteration of the information or data;

(b) retrieval, consultation or use of the information or data; (a) (b) (c) (d) (e) (a) (b) (a) (b) (a) (b).

(c) disclosure of the information or data by transmission, dissemination or otherwise making available; or

(d) alignment, combination, blocking, erasure or destruction of the information or data;

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable individual;

“public authority” means a public office or a ministry, department, agency, unit other authority of the Government including a statutory body;

“recipient” means a person, public authority, agency or another body, to which the personal data is disclosed but a public authority shall not be considered a recipient where the personal data is received pursuant to an obligation imposed by the any enactment;

“relevant filing system” means any set of information relating to individuals to the extent that although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that the specific information relating to a particular individual is readily accessible;

“representative” means a representative of the data controller or data processor who is not established in Barbados and is nominated pursuant to

(a) section 50(3) in respect of a data controller; or

(b) section 55(3) in respect of a data processor and who represents that data controller or data processor with regard to their obligations under this Act;

“restriction of processing of personal data” means the marking of stored personal data with the aim of limiting their processing in the future;

“sensitive personal data” means personal data consisting of information on a data subject’s

(a) racial or ethnic origin;

(b) political opinions;

(c) religious beliefs or other beliefs of a similar nature;

(d) membership of a political body;

(e) membership of a trade union;

(f) genetic data;

(g) biometric data;

(h) sexual orientation or sexual life;

(i) financial record or position;

(j) criminal record; or

(k) proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court of competent jurisdiction in such proceedings;

“trade union” has the meaning assigned to it by the Trade Unions Act, Cap. 361;

“Tribunal” means the Data Protection Tribunal established pursuant to section 90.