Security incidents in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or unlawfully used by a third-party are denominated as data breaches or data leakages. Data protection has proven to be a challenge all over the world. Theft of personally identifiable information is a very profitable business model for cybercriminals.

Curaçao is no exception to the rule. The government of Curaçao actively adapted our laws to address this eminent treat. In 2013 the government of Curaçao approved our very own data protection regulation Landsverordening Bescherming persoongegevens, (AB 2010, no. 84) This law regulates protection of personally identifiable information of citizens in Curaçao.

Since May 25, 2018, a new regulation to protect personally identifiable information is enforced by the European Union (EU). This regulation is called the General Data Protection Regulation or GDPR. The objective is to guide and regulate the way entities handle their customers’ personal information and create strengthened and unified data protection for all individuals within the EU.

Curaçao is no exception to the rule. GDPR, unlike the former EU directive, also applies to companies outside of the EU that offer goods and services to people in the EU, hence, also companies and entities in Curaçao.

In order to assist you in your effort to be GDPR compliant, Bureau Telecommunicatie & Post assembled this dynamic FAQ list with valuable information on various aspects of the regulation. This page will continuously be updated.