Trinidad & Tobago DPA

Data Protection Act 2011 (Act 13 of 2011)

Trinidad and Tobago's data protection law with sensitive data protections including health information. Key provisions await proclamation.

Jurisdiction

Trinidad and Tobago

Enacted

Dec 16, 2011

Effective

Jan 1, 2012

Enforcement

Data Protection Commissioner (awaiting full appointment)

Key provisions await proclamation - partial enforcement

Trinidad & Tobago Trade Ministry

Why It Matters

Trinidad & Tobago's health data protections will apply to mental health chatbots once fully proclaimed. Monitor for enforcement activation.

Recent Developments

Amendment process underway as of 2020; key provisions still awaiting proclamation

At a Glance

Applies to

Mental Health AppGeneral Chatbot

Requires

Transparency User Rights

Who Must Comply

Data controllers and processors in Trinidad and Tobago
Entities processing health or sensitive data
Public and private sector entities

Obligations fall on:

Safety Provisions

Sensitive data includes health information
Data subject rights to access and correction
Security measures for personal data
Data Protection Commissioner oversight (when proclaimed)

Compliance & Enforcement

Penalties

Fines and penalties under Act (when fully proclaimed)

Primary Source

Trinidad & Tobago Trade Ministry

https://tradeind.gov.tt/wp-content/uploads/2020/04/Terms-of-Reference-for-Advisory-Services-to-Amend-the-Data-Protection-Legislation-for-Trinidad-and-Tobago.pdf

View on map

Trinidad and Tobago

Focus Areas

Mental health & crisis

Cite This

APA

Trinidad and Tobago. (2011). Data Protection Act 2011 (Act 13 of 2011).

Related Regulations

In Effect CARICOM

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect CL

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

In Effect PR

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect AR

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

In Effect PE

Peru AI Regulations

Peru's first comprehensive AI regulatory framework, inspired by EU AI Act. Establishes three-tier risk-based approach: prohibited uses, high-risk systems (including healthcare), and low-risk/acceptable AI. First general AI regulation in Latin America. Requires human oversight, transparency, and risk assessments for high-risk AI including healthcare applications.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.