On the same day as the GDPR came into effect, the Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law) came into force in order to align Guernsey’s data protection regime with the GDPR.

Since this time, organisations have continued to deal with the challenges the Law brings. Whilst there was, and still is, much work to do for organisations to ensure compliance with the new regime, there have been many positives for individuals and organisations alike.

Why was change required?

From a technological and data perspective, the world is a very different place today in comparison to when The Data Protection (Bailiwick of Guernsey) Law, 2001 was enacted. The internet was in its infancy and was not widely available to all. It seems so unimaginable today, but at that time, not everyone had a mobile phone. It meant that the way in which data was used and shared was fairly limited.

Fast forward a number of years and the situation is vastly different. We face unprecedented times in relation to cyber security risks posed to both individuals and organisations. The internet is widely accessible and people can organise more or less every aspect of their lives via their mobile phone. This has resulted in a huge increase in the amount of data and a revolution in the way in which it is used and shared. Globally, data protection regimes were not fit for purpose. They simply could not keep up with the digital world.

Whilst Guernsey had been ahead of the curve (in that it has had data protection legislation since 1986), the regime had become outdated and required updating. The focus of the Law was to provide increased data protection for the public and reinforce the obligations on organisations. As a result, the Law brought in a number of changes by introducing:

  • Refined measures on how consent can be obtained and when it could be relied upon.
  • Enhanced rights for individuals around how data is processed and accessed, how data can be rectified, erased or transferred as well as the right to object to processing in certain circumstances.
  • Accountability and governance obligations in addition to notification obligations in the event of a data breach.
  • Requirements in relation to the transfer of personal data between parties and between jurisdictions, with a particular emphasis on data transfers outside of the EU.

Where are we now?

Data and privacy have rarely moved out of the spotlight since the new regime came into force. For organisations it has been a busy time, not least because of the additional items that had to be dealt with during the “transitional period” which has recently ended.

Whilst the new regime in Guernsey may have brought some challenges with it and will continue to do so for some time, it has also served to bring a number of positives.

The new regime has allowed individuals to realise the potential of their data but this is also true for organisations – data can be an invaluable asset. The Law meant organisations had to get to grips with the data they held and whilst this may have been viewed as a burdensome task at the outset, the benefits of good quality data sets will be evident from a decision making, productivity, compliance and marketing perspective.

We have also seen a move towards transparency and trust which will help organisations retain their existing customer base as well as attracting new customers as consumer confidence continues to grow in an increasingly digital marketplace. Trust is key in the online world. In addition, having a strong GDPR-compliant framework which extends and modifies cyber security practices will assist in combating the very real threat of a cyber attack.

Increasingly, organisations are bringing ethics into their data protection practices, moving compliance on from simply complying with the law.

The next chapter

The Office of the Data Protection Authority (the Authority) has recently published its strategic plan for 2019-2022 which is designed to implement the Authority’s goal to deliver effective and independent data protection regulation. Similarly, data protection and security should be an integral part of any organisation’s strategic plan.

The Authority has also recently issued its first press release on enforcement action, a reprimand issued to the Policy and Resources Committee of the States of Guernsey for wrongful disclosure of health data of a staff member. Whilst there are other enforcement measures in the pipeline and it has taken some time for this step to be taken, it also demonstrates that a pragmatic approach is being taken. Engagement is still the primary focus.

Data protection is a topic that will stay top of the agenda for boards for some time to come; compliance certainly cannot be seen as a tick-box exercise that was undertaken in the lead-up to the Law coming into effect and is not to be looked at again. Ongoing compliance is key to success. Indeed, the UK Information Commissioner’s Office views data protection as “an enabler of growth and innovation” for organisations.

It is without question that further challenges lie ahead and the next few months will be interesting. However, now that the initial hard work and trepidation are over, organisations can continue to build on the changes they have made to date and focus on reaping the benefits that compliance with the new regime can bring.


Richard Field

Partner: Guernsey

T +44 (0)1481 755 610

Richard Sheldon

Group Partner*: Guernsey, Jersey

T +44 (0)1481 755 904

Jennifer Rosser

Associate*: Guernsey

T +44 (0)1481 755 901
