The Isle of Man’s data protection legislation now consists of the following, plus further regulations concerning fees:

Data Protection Act 2018 (Act)

Data Protection (Application of GDPR) Order 2018 (SD2018/0143) (GDPR Order)

Data Protection (Application of LED) Order 2018 (SD2018/0144) (LED Order)

GDPR and LED Implementing Regulations 2018 (SD2018/0145) (Implementing Regulations)

The Act, the GDPR Order and the LED Order were approved by Tynwald (the Isle of Man’s parliament) in May 2018.  However, because of a number of material comments received regarding the Implementing Regulations, these were not put before the May sitting of Tynwald and were instead subject to further revision.

When laid before the June sitting of Tynwald, the Implementing Regulations were rejected by the upper house following considered criticism from Member of the House of Keys Lawrie Hooper, stating that ‘they are onerous, they are bureaucratic, they are expensive and they are inadequate’ and calling them ‘obtuse’, ‘difficult to follow’ and ‘unnecessarily complex and bureaucratic’.

The government were able to pass the Implementing Regulations in the July sitting of Tynwald, with an implementation date of 1 August so all of the above Orders and Regulations are now in force.  However this should not be seen as the end of the story of the Isle of Man’s implementation of GDPR, instead changes to the Implementing Regulations are expected to be laid before Tynwald this Autumn to address additional concerns.  We also understand that a Bill to replace the Information Commissioner with a statutory board is anticipated in early 2019.  The responsible Minister has also repeatedly indicated that this legislation is an interim way of implementing GDPR in the Isle of Man and may well be overhauled again in the not-too-distant future with new primary legislation.

The Data Protection Act 2002 was repealed on 1 August, although provisions relating to maintaining a notification of processing with the Information Commissioner remain in force for a transitional period until 1 February 2019.  During this period renewals can be made under either the old or the new legislation, but new entries must be under the new legislation.

There are further transitional provisions, giving until 25 May 2019 to provide the transparency information required under GDPR (as applied to the Isle of Man by the GDPR Order) to data subjects and allowing consent given in compliance with the Data Protection Act 2002 to be used as the lawful ground for processing personal data until 25 May 2019, even if it does not comply with the requirements of GDPR (as applied to the Isle of Man by the GDPR Order).  These transitional provisions will not apply where GDPR itself applies (for example where the data subject is in the European Union).

We are pleased to note that exemptions with regard to trusts have been included in the Implementing Regulations and there are now exemptions, in certain circumstances, from the requirement to provide notice to a data subject that you are processing their data and from the rights of a data subject to make a subject access request.  Unfortunately similar exemptions have not been included for beneficiaries of life policies, so we hope this will be picked up in the further revisions to the Implementing Regulations.

Twitter LinkedIn Email Save as PDF
More Publications
15 Nov 2022

Insurance and reinsurance in the Isle of Man: Overview

A Q&A guide to insurance and reinsurance in the Isle of Man. Reproduced from Practical Law with the ...

3 Nov 2022

Significant Judgment for Isle of Man Fund Managers

A rethink of exclusion clauses in fund agreements may be needed after the Isle of Man’s appeal cou...

Contributors: Garry Manley
25 Oct 2022

An update to Isle of Man Trust Law

In the week that the Trust and Trustees Bill 2022 goes for its second reading (25 October 2022), it ...

27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

25 Jul 2022

Balancing Regulatory and Data Protection Compliance

This article considers data protection compliance in the context of financial services regulatory co...

Contributors: Claire Milne WS
30 Jun 2022

Getting into the Weeds: Isle of Man Regulation of Global Cannabis Investments

The global cannabis industry has grown rapidly in recent years as a number of jurisdictions have lib...

Contributors: Sophie Corkish
24 Feb 2022

Welcoming Fintech Innovation in the Isle of Man

The Isle of Man Financial Services Authority (IOMFSA) has published online support for fintech innov...

25 Nov 2021

Regulatory Approach to ESG across the Crown Dependencies

New requirements may require investment products to display a label reflecting their sustainability ...

25 Nov 2021

The International Comparative Legal Guide to Gambling 2022 – Isle of Man Chapter

This chapter was first published in The International Comparative Legal Guide to: Gambling 2022, by ...

Contributors: Sophie Corkish
30 Jul 2021

Fighting international fraud

First published in New Law Journal, July 2021. Appleby partners Anthony William and Jared Dann an...

Contributors: Jared Dann, Claire Corkish