The current data protection regime in the European Union (EU) dates back 20 years – before the growth of the internet and the digital economy.
The European Commission put forward its data protection reforms in January 2012 to make, in its view, the EU fit for the digital age. After much debate, the new reforms have now been accepted. The main reform is the General Data Protection Regulation (GDPR). As the new regime will be effected by way of regulation (rather than directive) it will have direct effect in each EU member state and therefore, each member state will have exactly the same legislation.
The Isle of Man is not part of the EU but has adopted legislation that is modelled on current EU data protection legislation to allow the Isle of Man to obtain a so-called “adequacy finding.” An adequacy finding means that the European Commission has deemed that the Island’s law ensures an adequate level of protection for personal data and this aids the transfer of personal data in and out of the Island. To retain its adequacy finding, the Isle of Man will need to enact new data protection legislation following the changes to the EU regime.