New data protection laws apply in the Channel Islands as of Friday 25 May 2018. The new legislation in Guernsey and Jersey provides a level of protection for personal data across the Channel Islands that is essentially equivalent to the EU’s General Data Protection Regulation (GDPR). The legislation also provides for the sharing of personal data between law enforcement authorities on a similar basis to the EU’s Law Enforcement Directive (LED) to ensure effective cross-border cooperation in criminal matters.
Both islands have long been committed to protecting personal data. They have had privacy legislation in place since the 1980s. Fully independent Data Protection Authorities and Commissioners are responsible for the implementation and operation of the regulatory function under each Island’s legislation. They provide advice and guidance to business and individuals, actively investigate complaints and enforce the legislation, where necessary in court. These regulatory responsibilities have been further expanded with the new legislation.
Guernsey and Jersey are among a group of only 10 jurisdictions outside the EU to have received full EU “adequacy” decisions in 2003 (Guernsey) and 2008 (Jersey). This means personal data can flow between the Islands and the 31 EEA Member States without any further safeguard being necessary. The introduction of the new legislation, on the same timescale as the GDPR, shows the commitment of Guernsey and Jersey to maintaining this adequacy status.
Data protection is an important part of the overall relationship between the Channel Islands and the EU, and hence is an important part of CIBO’s work. Good relations have been established with the European Commission (DG JUST), with meetings at senior official level in February 2017 and March 2018.
Further information about the new legislation in Guernsey and Jersey can be found using the following links: