Data protection & privacy laws in Belize (2026)

The Act was assented to on 29 November 2021 and published in the Official Gazette on 30 November 2021; full commencement of all provisions was set for 1 January 2025, giving organisations a transition period.

The Office of the Data Protection Commissioner (ODPC) is the national supervisory authority, empowered to investigate complaints, monitor compliance, issue guidance, and impose fines or sanctions. A separate Data Protection Tribunal hears appeals.

Personal data must be processed lawfully, fairly, and transparently; collected for specified, legitimate purposes; kept accurate; not retained longer than necessary; and protected by appropriate technical and organisational security measures.

Individuals are granted rights of access, rectification, erasure, restriction of processing, data portability, and objection (including to direct marketing), as well as protection against solely automated decision-making.

Data controllers and processors must implement security safeguards, conduct data protection impact assessments where required, notify the ODPC of breaches within 72 hours of awareness, and in certain circumstances appoint a Data Protection Officer.

The Act is explicitly modelled on the EU GDPR and aligns with Caribbean Community (CARICOM) regional data-protection trends, applying to both public and private sector entities processing personal data in or from Belize.