One of the key factors for effective regulation is independence and that has been the driving factor behind the development of the new funding model. Both the General Data Protection Regulation (GDPR) and our own local law (designed to be equivalent to GDPR) require that data protection regulators be independent of government, industry and other external sources.

Data protection equivalence

Demonstrating equivalence to GDPR will go some way towards confirming to the European Commission that Guernsey should remain on the list of “adequate” jurisdictions for international flows of data to and from the EU. That adequacy assessment is ongoing, hence the need to ensure that this area was addressed. Without “adequacy”, data flows between the island and the EU would be significantly impeded, which would in turn hamper the island’s recovery from the pandemic and its ability to capitalise on the emerging digital economy.

Guernsey’s new data protection model

The new model will come into force from January 2021. All data controllers and processors established in the Bailiwick will be required to register/re-register with the ODPA between January-March 2021.

Registration can be completed either following completion/submission of the annual validation process via the Guernsey Registry, or directly with the ODPA. This should streamline the process, particularly for those using the Registry’s online submission platform.

exemptions

The current exemptions that have been in place since the new law came into force will cease as at January 2021, with the exception of those processing personal data for domestic/household purposes. Registration will then be required. Charities and not-for-profit organisations will be required to register, but will not have to pay the registration fee.

Costs

  • GBP50 for organisations with fewer than 50 full time employees (FTEs)
  • GBP2,000 for entities with 50 or more FTEs

Details as to how to assess the number of FTEs will be published in due course. The fees will then be payable annually, dovetailing with the annual requirement to review the information submitted for registration purposes.

Bulk registration

The ODPA has recognised from feedback provided by industry that for those administering and/or registering a number of entities, some form of bulk registration process may be beneficial. This is being considered and more details will follow.

Summary

The implementation of a self-funding model will allow the ODPA to be independent of the States and should assist with demonstrating adequacy. The streamlined process is to be welcomed, as is the news that the fee structure is very straightforward.

DATA PROTECTION EVOLUTION

The devil is (as always) in the detail – whilst the position may be clear for many local entities, there will be further analysis needed for those operating into the island. We are aware from discussions with clients that the bulk registration process is something of particular interest, so we await further guidance and information on that process, along with further information on assessing the number of FTEs.

More widely, this step shows Guernsey’s continued evolution and proactive growth in this area and is a recognition of the importance of data protection and effective regulation within the Bailiwick. Operating both as a tool for marketing the islands to a global marketplace and as a mechanism for building trust in a digital environment, it is vital that we continue to innovate and move forwards in this area.

We have been advising a wide range of clients on these matters, so do get in touch if you have any questions or would like to know more.

Who is the data protection regulator in Guernsey?

In Guernsey, the Office of the Data Protection Authority (ODPA) is the independent regulatory authority for the purposes of The Data Protection (Bailiwick of Guernsey) Law, 2017 and associated legislation. The ODPA is tasked with the development and implementation of the regulatory regime necessary to oversee the Law’s requirements.

Key Contacts

Richard Field

Partner: Guernsey

T +44 (0)1481 755 610
E Email Richard

Richard Sheldon

Group Partner*: Guernsey, Jersey

T +44 (0)1481 755 904
E Email Richard

Share
Twitter LinkedIn Email Save as PDF
More Publications
23 Mar 2023

Lending, Credit and Finance (Bailiwick of Guernsey) Law

The Lending, Credit and Finance (Bailiwick of Guernsey) Law, 2022 (LCF Law) will come into full effe...

Contributors: Lisa Upham
20 Mar 2023

Trusts: Comparison between the Crown Dependencies

Our Private Client and Trusts specialists in Guernsey, Isle of Man and Jersey outline some of the ke...

Contributors: Paula Fry, Melissa Wong
1 Feb 2023

Fund Finance Laws and Regulations 2023 – Guernsey

Guernsey is a leading funds domicile with a strong track record in fund finance. With more than 50 y...

19 Jan 2023

The Edinburgh Reforms: An Offshore Perspective

On 9 December 2022, the UK Chancellor of the Exchequer announced a package of reforms to the UK fina...

27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

7 Sep 2022

ESG Series Part 1: Climate Change – What on Earth is going on?

‘ESG’ has well and truly arrived, and has triggered a new age in business and financial investme...

7 Jun 2022

New Regulations and Requirements for Local Charities

The Charities etc. (Guernsey and Alderney) Ordinance, 2021 (Ordinance) and the raft of regulations t...

Contributors: Lisa Upham
20 May 2022

Lasting Powers of Attorney

The long-awaited Capacity (Lasting Powers of Attorney) (Bailiwick of Guernsey) Ordinance, 2022 (LPA ...

23 Feb 2022

Anonymisation of decisions: an invitation to consider this more but the unscrupulous need not apply!

The adage that ‘justice must not only be done, but must also be seen to be done” derives from a ...

7 Dec 2021

Notaries, E-Apostilles and Technological Changes

Notaries form the oldest branch of the legal profession. Their origins can be traced back to the Ro...