Law: Act No.78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties (as amended to implement the GDPR) (the Act)

Regulator: There is currently no general data protection authority.

Summary: Saint Barthélemy is an overseas collectivity of France in the Caribbean and does not have its own privacy or data protection law in place. However, Act No.78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties (as amended to implement the GDPR) (the Act) is applicable and underwent amendments that came into force on June 1, 2019. The Act was amended to implement the GDPR, which is not directly apply in Saint Barthélemy. The Act provides conditions of personal data processing pursuant to the GDPR, as well as rights of data subjects, obligations of controllers and processors, and corrective measures and sanctions for non-compliance. Notably, there are obligations concerning data protection impact assessments (DPIAs) and transfers of data to countries that are not EU states. The French data protection authority (CNIL) is responsible for ensuring that data processing is carried out in accordance with the Act. In addition, Saint Barthélemy is on the list of overseas countries and territories (OCTs) the citizens of which are considered in principal as citizens of the EU. At the same time, such OCTs do not form part of the territory of the EU and are not directly subject to EU law. They are granted associate status, as provided by the Lisbon Treaty.