Christine Mclean May 05, 2023

Cybersecurity & The Jamaica Data Protection Act: Tips For Getting Your Employees Ready

Employee Training

Cybersecurity awareness is important now more than ever with the introduction of the Jamaica Data Protection Act. This article explains what the Jamaica Data Protection Act is and how cybersecurity training supports this important legislation.

Cyberattacks are on the rise globally.  Research by IBM shows that there was a 41% increase in ransomware attacks in 2022 with destructive attacks costing more than USD 430,000. Also, email cyberattacks increased by 48% in the first half of 2022. These statistics raise concerns about cybersecurity awareness in organisations, as well as concerns about the steps organisations are taking to protect customers’ data.

Cybersecurity threats have also increased in Jamaica. By September 2022, there were more than 700 reports of cyber crimes in the country. Chief among these crimes were denial-of-service activities — cybersecurity threats where cybercriminals prevent users from accessing online services or network resources.

These realities highlight the need for cybersecurity training for employees. They also increase the need for strict adoption of the Jamaica Data Protection Act.

In this article, you’ll learn more about the Jamaica Data Protection Act — what it is, why it’s important, and the key points to note — and you’ll also get actionable tips for cybersecurity awareness training for your employees.

What is the Jamaica Data Protection Act? 

The Jamaica Data Protection Act (JDPA) is legislation that provides companies that collect, process, and store data for people in Jamaica with a set of requirements for protecting that data and maintaining the privacy of individuals.

6 Important Facts About the Data Protection Act in Jamaica 

6 Facts About the Jamaica Data Protection Act

  • The JDPA covers data protection subjects living or deceased for up to 30 years. This means that you’re not only responsible for the data of your living customers; you’re also responsible for the data of customers who have died.

  • One of the requirements of the JDPA is that a data protection impact assessment must be submitted annually.

  • All companies that require data from people in Jamaica must be compliant with the JDPA by December 1, 2023.

  • All companies operating in Jamaica must register with the Office of the Information Commissioner as a data controller by November 30, 2023.

  • Some companies will need to appoint a Data Protection Officer. You can learn more about companies that fall into this category by reading Section 20 of the legislation.

  • Companies must submit a record of processing activity. Access templates at

How to Include the Jamaica Data Protection Act in Your Cybersecurity Training for Employees 

 1. Make Cybersecurity Awareness Training Part of The Onboarding Process 

New hires should learn about your company’s cybersecurity policies, the role they play in helping the company remain compliant with the Jamaica Data Protection Act, and what they need to do when they notice cyber threats. Here are some tips to help you make this training seamless:

  • Assess new hires before training to identify their learning gaps.

  • Create an online resource library that’s easy to access and provides new hires with all the information they need to learn about your company’s cybersecurity policies.This library should also be accessible to existing employees.

  • Provide access to ready-made courses based on the weaknesses identified in the assessment. 

2. Hire Cybersecurity Experts To Do Annual Cybersecurity Awareness Training 

Hire cybersecurity experts to do annual cybersecurity awareness training. The team at Symptai Consulting offers this service and does their cybersecurity awareness training through social engineering.

In this approach, they perform a fake cyber attack and record how staff responds. They then tailor the cybersecurity training to address the gaps identified and perform the fake cyber attack again a few weeks later to see if employees have retained the information. This is a good way to solve the specific cybersecurity problems your company faces.

 3. Make Cybersecurity Awareness Training Ongoing Using Ready-Made Courses 

Annual training by cybersecurity experts is good. But ongoing training is even better. One on One has a library of ready-made courses by CompTIA and other leading global organisations. You can access these interactive cybersecurity training courses for as low as $21 per user per year and use them to upskill your employees at any time. Book a demo with us to learn more.

Symptai Consulting also uses One on One’s learning management system to host a Jamaica Data Protection Act course. This comprehensive DPA course provides an overview of the law, information about the rights of data subjects and others, requirements for data controllers and processors, and information about standards for processing. It’s the course you and your staff need to become fully prepared for the DPA.

Read this case study to learn more about Symptai Consulting’s experience working with One on One to host, sell, and assess the impact of their JDPA course.

Symptai's Jamaica Data Protection Act Course

4.  Customise Your Cybersecurity Training To Meet The Needs Of Each Department 

Each department within your company will have different levels of cybersecurity awareness. They will also respond to cybersecurity threats differently. That’s why your cybersecurity awareness training should be tailored to the needs of each department within your company. 

For instance, your finance team would need specific training on cybersecurity attacks that put financial data at risk. These attacks will compromise the accuracy of data and impact the company’s compliance with financial regulations. The cybersecurity courses your finance team would complete would be based on these and other relevant topics.

But cybersecurity awareness training would look different for your marketing team. Marketers interact a lot with the general public and often get emails, files, and other digital documents that could threaten your company’s data security. So, the structure of the cybersecurity training you give to your finance team would look different from the training you give to your marketing team.

Make Interactive Cybersecurity Courses in Jamaica Part of Your Preparation for the Jamaica Data Protection Act 

Data security is a big part of cybersecurity training, and it also forms the basis of the Jamaica Data Protection Act. Cybersecurity training shouldn’t be an afterthought or something you do only when a cyber threat emerges. Instead, make cybersecurity training a fundamental part of each stage of an employee’s lifecycle. 

One on One offers ready-made cybersecurity courses in Jamaica that can be accessed through our award-winning learning management system (LMS). Book a demo to learn more about how we can help improve cybersecurity awareness within your company.

You can also learn more about how to do cybersecurity training effectively by watching the podcast episode below.