DPMAS· Data Privacy and Management Advisory Services
DPMAS · BARBADOS · MMXXVI
The Practitioner Library Open Access · No Email Gate

Tools, writing, and briefings.

Anchored in the Data Protection Act 2019-29 — published the way DPMAS uses them.

Resources that DPMAS works with on its own engagements, published openly so Caribbean controllers, counsel, and regulators can use them too. The DPIA Threshold Screener is the flagship — a fourteen-question pre-assessment that produces a signed, printable accountability record without asking for an email address. More practitioner tools, briefings, and long-form writing follow as the library matures.

01 / 04 Tool live
03 / 04 Tools forthcoming
10 Published articles
03 Briefings in plan
I. Practitioner Tools

Built for the file, not for lead capture.

Working artefacts a privacy officer, in-house counsel, or DPO can pick up and use. No accounts, no email gates. Where a tool produces a record, that record is yours to sign, retain, or share.

Flagship · Live Live

DPIA Threshold Screener

A structured pre-assessment under the Data Protection Act 2019-29. Answer fourteen threshold questions — the screener tells you whether a full DPIA is required, recommended, or not required, and produces a signed, printable record the controller can place in its accountability file. Where any answer is Unsure, the screener treats it as a trigger; the burden of doubt sits with the controller.

  • 14Threshold triggers
  • ~5Minutes to complete
  • PDFPrintable record
Open the screener → Need help interpreting the result?
In Development
ii.

Records of Processing Template

An article-aligned ROPA template covering controllers and processors — populated against the categories the Act actually asks for, not a borrowed GDPR form.

Forthcoming
iii.

Breach Notification Decision Tree

A scoping flow for the seventy-two-hour notification question — when the Commissioner must be told, when data subjects must be told, and when neither is required.

Forthcoming
iv.

Vendor DPA Checklist

A pre-signature controls review for processor agreements — what the Act requires the contract to contain, what it should contain in practice, and where the standard cloud-vendor template falls short.

Forthcoming
II. Writing

Reading the regime from inside the file.

A standing column and selected long-form pieces. Written for executives, regulators, and engaged readers — without the boosterism, and without importing North American framing as if it were neutral.

CYBERPULSEA column in Barbados Today

Steven's standing column on the implementation realities of the Data Protection Act 2019-29, Caribbean cyber posture, and the policy infrastructure the region is still building.

Read the archive →

Selected Long-form

  1. May 2026 · CyberPulse · Barbados Today

    The human risk in QEH's digital revolution

    The hardest part of an integrated electronic medical record is not technology but behaviour — and a Data Protection Impact Assessment done early, not as a compliance afterthought.

  2. May 2026 · CyberPulse · Barbados Today

    What Europe's Microsoft problem means for Barbados data

    The EU is rethinking strategic dependence on US cloud platforms under the CLOUD Act. The Caribbean, running on the same infrastructure under privacy laws modelled on the same standards, cannot assume it sits outside the consequences.

  3. Nov 2025 · CyberPulse · Barbados Today

    The data courier problem: why Bajans shouldn't have to bridge government's digital gaps

    A citizen forced to ferry insurance confirmation between the BRA and the Licensing Authority is not a service failure — it is the predictable output of digitisation done in silos, without an integration strategy.

  4. Nov 2025 · CyberPulse · Barbados Today

    Why CEOs should never be first to speak after a data breach

    The Data Protection Commissioner's IABC remarks, extended: why a trained communicator — not the chief executive — should deliver the first public statement, and why the everyday internal breach is the one Caribbean organisations keep missing.

  5. Oct 2025 · CyberPulse · Barbados Today

    When data protection becomes a matter of life and death

    Healthcare data is the one category where mishandling can directly cost a life. Reading the October 2025 MIST and Data Commissioner seminar against the QEH 2022 ransomware incident and the operational realities behind it.

  6. Oct 2025 · CyberPulse · Barbados Today

    The CARICOM governance paradox: building free movement in a region without privacy

    A regional Mobility ID is the logical answer to free movement among Barbados, Belize, Dominica, and St. Vincent — but uneven data protection across Member States makes it the most exposed system the region could build.

  7. Sep 2025 · CyberPulse · Barbados Today

    AI, education and healthcare: preparing Barbados for the next great disruption

    The two largest national budgets sit at the intersection where AI will hit hardest. Why the conversation has to happen between the Ministry of Labour and the Ministry of Educational Transformation — and why the next generation is already ahead of the policymakers.

  8. Aug 2025 · CyberPulse · Barbados Today

    Cybersecurity isn't just for big business: a practical framework for MSMEs

    A sized-for-scale framework — People, Process, Technology, Resilience — for micro and small enterprises that cannot afford enterprise tooling but increasingly carry supply-chain risk for organisations that can.

  9. Jun 2025 · CyberPulse · Barbados Today

    Digital deceit and legal delay: the price of inaction in the age of AI

    Barbados' Computer Misuse Act predates deepfakes, voice cloning, and synthetic CSAM by two decades. Why the contested 2023 Cybercrime Bill cannot remain stalled, and what its passage would still leave unaddressed.

  10. Apr 2025 · CyberPulse · Barbados Today

    Between the eagle and the dragon: Caribbean digital sovereignty in the US-China tech war

    Errol Barrow's "friends of all, satellites of none" tested by Digital Silk Road infrastructure, BYD shipments, DeepSeek's market shock, and US tariffs on Chinese cargo. The choices the region makes now will shape its digital future and its strategic independence.

III. Briefings

Short documents for non-technical decision-makers.

One-pagers and short briefs that translate the Act and its operational implications into language a board, an HR committee, or a sector regulator can act on.

Board Primer 8–12 pp.
For: Directors · Audit committees

DPA 2019-29: a primer for boards

What the Act actually requires of governance, where the practical exposure sits, and what good looks like in the first year of compliance. Written for directors who will sign off on it, not for the team that will implement it.

Forthcoming
One-pager 1–2 pp.
For: HR · CEO · Audit chairs

What a DPO actually does

A clear-language note for executives deciding whether to appoint internally, retain a consultant, or outsource the role entirely — and what each option means for accountability and budget.

Forthcoming
Sector Briefs 4–6 pp. each
For: Operators · Regulators · Counsel

Sector compliance briefs

Focused notes on the practical compliance posture for financial services, healthcare, telecommunications, and government — calibrated to the supervisory architecture each sector actually sits inside.

Forthcoming
IV. Capability Statement

A single document — the practice, on paper.

The DPMAS capability statement is the one document to share with a procurement officer, a board secretary, or a regulator who needs the practice on a single PDF. It covers the four pillars, the lead practitioner's credentials, sectors served, and the routes to engage. Available here and from the Contact page.

A Note on the Library

Specific section references to the Data Protection Act 2019-29 within DPMAS tools and briefings should be confirmed against the current published text before regulatory submission. Where comparators (GDPR, CCPA) are mentioned, they are treated as comparators — not as substitutes for the Barbados statute.

AI-assisted, practitioner-reviewed. Some library artefacts are developed with AI assistance; substantive content is reviewed by DPMAS. Tools and briefings are published for general guidance and do not constitute legal advice.