As part of international Data Protection Day on 28 January, the Office of the Information Commissioner and Data Protection Commissioner is calling on all businesses in the Channel Islands to ensure they make themselves aware of impending legislative changes that will have significant ramifications for the way that they handle all personal data.
When it comes into force across the European Union (EU) from May 2018, the General Data Protection Regulation (GDPR) aims to strengthen data protection rights for individuals and harmonise compliance requirements for businesses.
GDPR is set to be the largest change to the protection of personal data across Europe since implementation in 1995 of the EU Data Protection Directive currently in force.
At that time, and in response to the transfer controls on data exported from the EU, the Channel Islands implemented the Data Protection (Bailiwick of Guernsey) Law 2001 and the Data Protection (Jersey) Law 2005, which ensured the continued free flow of data to the islands.
The regulation will be overseen by the European Parliament, the European Council and the European Commission. The governments of Jersey and Guernsey, together with the Channel Islands Brussels Office, are working with the Commission as well as key stakeholders, to ensure the islands are prepared for the changes and businesses are aware of their responsibilities and have time to prepare.
The Commissioner is using Data Protection Day, an international day designed to raise awareness and promote privacy and data protection best practices, to start the public conversation about GDPR and its implications.
Both governments have committed to GDPR being incorporated into local law with the intention of being ready for implementation for May 2018.