No specific regulation on that matter.
Article 436, 437 of the Penal Code.
Arrêté fixant les règles relatives à la protection des données à caractère personnel, published in the official gazette, Le Moniteur, #87 of May 15, 2018.
Code Penal, Published in the official gazette, Le Moniteur, Special #10, June 24, 2020.
Definition of Personal Data
There is no definition on the act.
Definition of Sensitive Personal Data
Article 4 of the Decree on personal data provides that “Any release of personal data that is likely to infringe the rights and freedom of an individual is forbidden”.
This disposition refers to sensitive personal data according to our interpretation. Thus, sensitive personal data is any data that is likely of infringe the rights and freedom of an individual.
Such entity does not exist yet in Haiti.
N/A.
N/A.
The person on whom the personal data is collected needs to be informed that it is being collected and will be processed. Collection of personal data needs to relevant and necessary for the purpose of their registration. The purpose of the collection needs to also be communicated to the person.
If personal data is communicated to a third party, it has to be accessible with the possibility to be modified by the person on which they have been stored.
The Decree provides that the personal data needs to be stored in a way to protect confidentiality and prevent disclosure. When stored, only specific people should have access to them because of their position.
The law does not regulate how breach of data should be handled. However, any communication of personal data (including breaches) can be subject to criminal and administrative lawsuits.
Mandatory breach notification
No regulation on the matter.
No specific regulation on that matter.
Article 436, 437 of the Penal Code.
The Decree on data privacy requires the user’s consent whereas Article 438 (2) of the Penal Code only specifies that the person needs to opt-out. Given that the Decree on personal data is a specific legislation on data privacy, we recommend having the user consent prior to collecting his data.
No specific regulation on that matter.
