General Data Protection Regulation in Jersey: what is it, why should I care and what should I do about it?

-

General Data Protection Regulation in Jersey: what is it, why should I care and what should I do about it?

Newsletters

April 04 2017 | Contributed by Ogier


While the media's attention in the past six months has been lavished on Brexit and President Trump, there is one particular news story that is still not getting a huge amount of attention, but which will affect businesses across Jersey – regardless of the United Kingdom's position within the European Union and US foreign policy – sooner than might be expected.

 Overview
The General Data Protection Regulation (GDPR) is an EU-wide reform of privacy and data protection legislation that is due to take effect from May 25 2018. It is a major update of Europe's data privacy laws that has been born from the era of Big Data and mobile technology. At its heart, the regulation is about:
  • giving new rights for members of the public to control their data (including the much-discussed right to be forgotten);
  • imposing new and enhanced responsibilities on companies and other organisations in relation to safeguarding the data that they process; and
  • harmonising standards across the European Union and beyond to help to create a single digital market.
From the Jersey perspective, the "and beyond" element is critical for two reasons:
  • The EU reforms are wide-ranging – they affect not just European countries, regulators and governments, but all firms that want to trade in the European Union, setting out key standards for the collection, retention and use of data. Because the changes to the law effectively spread beyond the European Union's borders, they will have an impact on businesses in Jersey.
  • Jersey's existing data protection legislation, the Data Protection (Jersey) Law 2005, is based on the 1998 UK Data Protection Act. This means that Jersey law effectively predates the widespread use of smartphones and social media and 20 years of increasingly rapid and fundamental changes in the way we live and do business. Legislation on the island will therefore need to be updated to align with the General Data Protection Regulation so that Jersey can maintain its 'adequacy' status – that is, formal recognition that Jersey's laws match the reformed legislation and higher standards in the European Union.
Jersey's regulator, the Information Commissioner, has already warned that any failure to prioritise and resource the necessary preparations for the General Data Protection Regulation reforms could have a seriously detrimental effect on the island's financial and digital sectors, both of which rely on seamless and rapid flows of information across jurisdictional borders.
Among the changes brought about by the General Data Protection Regulation, the following are likely to affect Jersey's business community:
  • New criteria for obtaining consent to process personal data – under the General Data Protection Regulation, an individual's consent must be freely given, specific, informed and unambiguous, so simple opt-out mechanisms will no longer suffice, and silence or inactivity cannot be taken as consent.
  • The right to be forgotten will enable individuals to demand the deletion of their data.
  • New protection for children will be introduced, requiring parental consent before their personal information can be processed.
  • Firms will be required to notify national regulators, typically within 72 hours, if they are hacked and, where high-risk breaches take place, to notify the individuals concerned.
  • Many businesses will be required to employ appropriately qualified data protection officers, responsible for ensuring data protection compliance.
  • Fines for serious contraventions of the rules may be up to €20 million – almost £16 million – or 4% of global annual turnover.
The hefty fines underline the seriousness of the reforms. However unlikely it may be for a fine to be levied for a first offence or a minor breach, the law allows for punitive fines for a reason – the European Union is taking data protection seriously.
Jersey organisations' responsibility
Fundamentally, Jersey businesses must ensure that they comply with the new regulation when it comes into force in May 2018. That means starting work now – not in a year's time – to:
  • assess how the General Data Protection Regulation will affect the business;
  • decide what changes will be needed to ensure compliance;
  • resource and implement those changes in line with published guidance; and
  • take steps to ensure compliance can be documented and demonstrated.
It is particularly important to bear in mind that the General Data Protection Regulation is based on the concept of data protection "by design". Simply put, this means that data privacy risk and compliance must be built into all systems, processes and procedures across an organisation. Working to ensure that a business is ready for May 2018 will not just be an IT project; it will require accountability and engagement from board level down through all levels of the business.
Organisations that have not yet started to engage seriously with the General Data Protection Regulation reforms are almost certainly behind at least some their competitors. However, speed and competitive edge are not really what is at stake here: compliance is what matters. Take it seriously and do it right.

 For further information on this topic please contact Sara Johns at Ogier by telephone (+44 1534 514 000) or email (sara.johns@ogier.com). The Ogier website can be accessed at www.ogier.com.

Comments

Post a Comment

Please share your valuable comments and thoughts on this article. Thanks!

Popular posts from this blog

Responding to Software Review Audits- Good tips on how to handle audit requests and settlements

-
Image
Managing Audits to Prevent Unauthorized Disclosures by Technology Teams by Keli Johnson Swan in Blogs , Software Audits Disputes involving software usage are on the rise for businesses of all sizes. In some cases, technical teams respond to a software publisher’s or a third party’s audit request and provide significant amounts of data without notifying anyone on the corporate governance or the legal teams.  It is critical for those teams to evaluate the publisher’s legal ability to audit, and to identify the data the publisher is entitled to request. It is not uncommon for the legal team to discover the existence of a software audit or license verification after the company has received a demand for damages arising from alleged over-usage of software. Often, employees responding to an audit request do not understand the request and provide inaccurate or incomplete information. Once this information is disclosed, it can expose the business to a damages cla
Read more

20 apps to help provide easier access to legal help: Good list of apps. Check it out

-
Image
20 apps to help provide easier access to legal help BY JOE DYSART APRIL 1, 2015, 6:01 AM CDT Reference:  http://www.abajournal.com/magazine/article/20_apps_providing_easier_access_to_legal_help Image from  Shutterstock . Just as the smartphone brought computing to the cyberchallenged, it is putting justice into the hands of some who may need it most. Apps for immigrants, the indigent, those who face arrest and the lawyers who help them have been popping up with increasing frequency. And many of those closest to the technology believe the momentum behind the developments is just starting to build. “People talk a lot about digital technologies revolutionizing legal practice,” says Tanina Rostain, a law professor at Georgetown Law Center who teaches a course on the potential of Internet-based technologies for legal practice and pedagogy. “This is the area where the revolution is happening.” Not surprisingly, among the earliest promulgators of justice apps are legal a
Read more

Influencers in the workplace: Can promotional work on social media be regarded as moonlighting?

-
Image
  Lawtons Africa Jun 9, 2023 4 min read Influencers in the workplace: Can promotional work on social media be regarded as moonlighting? Author: Andile Mphale– Candidate Attorney Supervised by: Lavery Modise– Consultant https://www.lawtonsafrica.com/post/influencers-in-the-workplace-can-promotional-work-on-social-media-be-regarded-as-moonlighting The use of social media has many benefits; one of them being the creation of work and income opportunities, such as doing promotional work on social media. Promotional work on social media has also given rise to the term “influencer”. An influencer is someone with a substantial following or a notable online presence, who can influence potential consumers into purchasing a product or service through social media endorsements or recommendations and receive a reward for that. There are influencers who do promotional work on social media on a full-time basis and make a living from it. There are also influencers who do promotional work on social med
Read more