The Grenada Data Protection Act, No. 1 of 2023 (the GDPA) was published, on May 10, 2023, in the Official Gazette, following their assent by the Deputy to the Grenada Governor-General. In particular, the GDPA consists of eight parts and seeks to promote the protection of personal data processed by public and private bodies and to provide for the functions of the Information Commission and related matters. Notably, the provisions of the GDPA establish the Information Commission as the regulatory body responsible for overseeing compliance with the GDPA and details its role and powers in this regard, specifying that complaints may be made to the Information Commission for alleged breaches of the GDPA's provisions.

Additionally, the GDPA provides legal bases for processing personal data and sensitive personal data, as well as data protection principles, including a notice and choice principle, retention principle, security principle, and disclosure principle. The GDPA also provides for data subject rights including a right to access and a right to rectification of personal data. 

Moreover, the GDPA specifies that a person who commits an offense in contravention of its provisions for which a penalty is not specifically provided may be liable to a fine of XCD 50,000 (approx. $18,500) or 100,000 (approx. $37,000) or to imprisonment for a term of three or five years, respectively, or both. In addition, with regard to corporate entities, fines range from XCD 250,000 (approx. $95,505) to XCD 500,000 (approx. $185,010).

You can access the Official Gazette here.