It is reported that the SIM registration regime in Barbados obliges mobile network operators to collect and store users’ personal data together with proof of identity. Nevertheless, the relevant legislative provisions could not be identified.

It is reported that at least 25% of the equity in a telecommunications carrier must be held by Barbadian natural or legal persons. Furthermore, it is indicated that the authorities have noted that mobile virtual network operators (MVNOs) are also subject to the same ownership structure requirement.

Barbados mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market.

Barbados has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Telecommunications Unit, the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process, although it operates under the Ministry of Innovations, Science and Smart Technologies.

Under Section 75.1 of the Income Tax Act 1969, every person carrying on business and every person who is or may be required by the Act to collect or pay a tax or other amount shall keep records and books of account, including an annual inventory, in Barbados, in such form and containing such information as will enable the taxes payable under the Act or the taxes or other amounts that should have been deducted, withheld or collected to be determined.

Section 170 of the Companies Act 1982 lists a series of registers and records that must be maintained at a company's registered office or at some other place in Barbados designated by the directors of the company, including minutes of meetings and resolutions of shareholders, the name and latest known address of shareholders, and a register showing the name and latest known address of each person to whom privileges, options or rights have been granted. In addition, under Section 172 of the Companies Act, adequate accounting records and records containing minutes of meetings and resolutions of the directors and any committees of the directors shall be kept at the registered office of the company or at some other place in Barbados designated by the directors. Furthermore, according to Section 172.3, when any accounting records of a company are kept at a place outside Barbados, accounting records that are adequate to enable the directors to ascertain the financial position of the company with reasonable accuracy on a quarterly basis must be kept at the company's registered office or at some other place in Barbados designated by the directors.

Section 12 of the Trusts (Miscellaneous Provisions) Act 2018 mandates that a trustee of a trust established under section 9 must retain, within Barbados, a copy of the instrument creating the trust together with any amending or supplementary instruments, as well as a register detailing specific information. This register must include the name of the settlor, a concise statement of the trust’s purposes, the name of the protector, and all documents necessary to accurately reflect the financial position of the trust.

According to Art. 22 of the Data Protection Act 2019, personal data shall not be transferred to a country or territory outside Barbados unless that country or territory provides for: (i) an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of their personal data; and (ii) appropriate safeguards on condition that the rights of the data subject are enforceable and there are available, effective legal remedies for data subjects.

Barbados has not joined any agreement with binding commitments to open transfers of data across borders.

The Data Protection Act establishes a comprehensive data protection framework in Barbados, modelled closely on the European Union’s General Data Protection Regulation (GDPR). It grants individuals various rights, including access, rectification, erasure, restriction of processing (including in relation to direct marketing), and data portability, and it imposes extensive obligations on organisations, such as requirements for breach notification, international data transfers, and data protection impact assessments. The Act also has extraterritorial reach and applies to the processing of personal data of individuals in Barbados by controllers or processors located outside the jurisdiction when the processing relates to the provision of goods or services to data subjects in Barbados. Although the Act entered into force on 31 March 2021 by proclamation of the Governor-General, several provisions concerning the mandatory registration of data controllers and data processors and the creation of official registers, specifically Sections 50, 51, 52, 55, 56 and 57, have not yet been brought into effect as of 2025.

According to Art. 65.1 of the Data Protection Act 2019, the data controller must conduct an assessment of the potential impact of the proposed processing operations on the safeguarding of personal data. This is applicable when a specific form of processing, particularly one utilising emerging technologies, is anticipated to potentially pose a significant risk to the rights and freedoms of an individual. The assessment takes into consideration the characteristics of the processing, including its nature, scope, context, and purposes.
In accordance with Art. 67.1 of the Act, a data privacy officer (DPO) must be appointed by both the data controller and data processor in situations where: (i) the processing is conducted by a public authority or body, excluding instances involving a court of competent jurisdiction acting in its judicial capacity; (ii) the fundamental activities of the data controller or data processor encompass processing operations that, due to their nature, scope, and objectives, necessitate regular and systematic monitoring of data subjects on a significant scale; or (iii) the core activities of the data controller or data processor entail large-scale processing of sensitive personal data.
Additionally, Art 69.1 outlines the responsibilities and functions of the DPO, which include: (i) informing and advising the data controller, data processor, and relevant employees about their obligations under the Data Protection Act; (ii) monitoring compliance with the Act and the data controller's or data processor's data protection policies; (iii) providing guidance on data protection impact assessments and overseeing their implementation in line with Art. 65; and (iv) working closely with the Commissioner, serving as the main point of contact for processing-related matters, including prior consultation as mentioned in Art. 66, and offering consultation on other pertinent issues when necessary.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. According to Section 23, there is no intermediary liability for information within electronic records they handle if: (i) they did not create the record; (ii) they have no actual knowledge that the information could lead to legal liability; and (iii) they are not aware of any facts indicating that the information could reasonably result in legal liability.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. According to Section 23, there is no intermediary liability for information within electronic records they handle if: (i) they did not create the record; (ii) they have no actual knowledge that the information could lead to legal liability; and (iii) they are not aware of any facts indicating that the information could reasonably result in legal liability.

Barbados has adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.