One of the key factors for effective regulation is independence and that has been the driving factor behind the development of the new funding model. Both the General Data Protection Regulation (GDPR) and our own local law (designed to be equivalent to GDPR) require that data protection regulators be independent of government, industry and other external sources.

Data protection equivalence

Demonstrating equivalence to GDPR will go some way towards confirming to the European Commission that Guernsey should remain on the list of “adequate” jurisdictions for international flows of data to and from the EU. That adequacy assessment is ongoing, hence the need to ensure that this area was addressed. Without “adequacy”, data flows between the island and the EU would be significantly impeded, which would in turn hamper the island’s recovery from the pandemic and its ability to capitalise on the emerging digital economy.

Guernsey’s new data protection model

The new model will come into force from January 2021. All data controllers and processors established in the Bailiwick will be required to register/re-register with the ODPA between January-March 2021.

Registration can be completed either following completion/submission of the annual validation process via the Guernsey Registry, or directly with the ODPA. This should streamline the process, particularly for those using the Registry’s online submission platform.

exemptions

The current exemptions that have been in place since the new law came into force will cease as at January 2021, with the exception of those processing personal data for domestic/household purposes. Registration will then be required. Charities and not-for-profit organisations will be required to register, but will not have to pay the registration fee.

Costs

  • GBP50 for organisations with fewer than 50 full time employees (FTEs)
  • GBP2,000 for entities with 50 or more FTEs

Details as to how to assess the number of FTEs will be published in due course. The fees will then be payable annually, dovetailing with the annual requirement to review the information submitted for registration purposes.

Bulk registration

The ODPA has recognised from feedback provided by industry that for those administering and/or registering a number of entities, some form of bulk registration process may be beneficial. This is being considered and more details will follow.

Summary

The implementation of a self-funding model will allow the ODPA to be independent of the States and should assist with demonstrating adequacy. The streamlined process is to be welcomed, as is the news that the fee structure is very straightforward.

DATA PROTECTION EVOLUTION

The devil is (as always) in the detail – whilst the position may be clear for many local entities, there will be further analysis needed for those operating into the island. We are aware from discussions with clients that the bulk registration process is something of particular interest, so we await further guidance and information on that process, along with further information on assessing the number of FTEs.

More widely, this step shows Guernsey’s continued evolution and proactive growth in this area and is a recognition of the importance of data protection and effective regulation within the Bailiwick. Operating both as a tool for marketing the islands to a global marketplace and as a mechanism for building trust in a digital environment, it is vital that we continue to innovate and move forwards in this area.

We have been advising a wide range of clients on these matters, so do get in touch if you have any questions or would like to know more.

Who is the data protection regulator in Guernsey?

In Guernsey, the Office of the Data Protection Authority (ODPA) is the independent regulatory authority for the purposes of The Data Protection (Bailiwick of Guernsey) Law, 2017 and associated legislation. The ODPA is tasked with the development and implementation of the regulatory regime necessary to oversee the Law’s requirements.

Key Contacts

Richard Field

Partner: Guernsey

T +44 (0)1481 755 610
E Email Richard

Richard Sheldon

Managing Group Partner*: Guernsey

T +44 (0)1481 755 904
E Email Richard

Share
Twitter LinkedIn Email Save as PDF
More Publications
15 May 2024

Data Protection guidance in Guernsey for Emarketing, SMS/MMS and telemarketing

We are bombarded on a daily basis by communications endeavouring to lure us into some form of purcha...

30 Apr 2024

Secondary Pensions in Guernsey: Are you ready for it?

After several years of planning (and delays), The Secondary Pensions (Guernsey and Alderney) Law (La...

9 Apr 2024

The Global – your offshore corporate law questions answered: April 2024

The Global is a quarterly collection of corporate expert insights and analysis across Appleby's glob...

22 Mar 2024

Trading Standards: Application to your business

The Trading Standards (Fair Trading) (Guernsey) Ordinance, 2023 (Ordinance) came into force last O...

19 Mar 2024

Guernsey retains its EU adequacy – as expected

The post-Brexit regulatory landscape continues to throw up challenges and jurisdictional arbitrage, ...

18 Mar 2024

Parental Bereavement Leave: Jersey to implement further family leave rights

The UK introduced “Jack’s law” in 2020. Jersey is now following the UK’s example, and as of ...

26 Jan 2024

Fund Finance Laws and Regulations 2024 – Guernsey

Guernsey is a leading funds domicile with a proven track record of more than 50 years as an internat...

10 Jan 2024

The Global – your offshore corporate law questions answered

The Global is Appleby’s quarterly collection of expert insights and analysis on the latest develop...

22 Sep 2023

Discrimination law in Guernsey: The Same but Different

The Prevention of Discrimination (Guernsey) Ordinance 2022 (“Ordinance”) will come into force on...

22 Sep 2023

Financial platforms and intermediation

The Lending, Credit and Finance (Bailiwick of Guernsey) Law 2022, (LCF Law) came into effect 1 July ...