GDPR: new data protection requirements and opportunities
At a conference on 4 November 2016 entitled “GDPR – What does it mean for Jersey?” the Island’s authorities confirmed that Jersey will implement equivalent local legislation to the EU General Data Protection Regulation (“GDPR”) by May 2018.
Background: The GDPR will introduce enhanced data protection rights for individuals within the European Union. This is necessary because, as technology develops so more data is created, leading to an exponential increase in the amount of information available about each of us. As that happens, the ability of others to access and use our information is also increasing exponentially. The GDPR will affect any business (wherever situated) providing products or services to EU customers or processing the data of individuals within the EU, including Jersey entities which meet these criteria.
Alistair Blair (Policy Officer, States of Jersey) commented that whilst Jersey has “adequacy” status under the current EU data protection regime, Jersey’s existing law is outdated. If left unchanged it would not be fit for purpose once the GDPR comes into force. The Island’s new legislation will provide an equivalent level of protection to that in the GDPR, ensuring that Jersey keeps pace with the EU’s gold standard data protection framework.
Jersey’s Information Commissioner, Emma Martins, noted the challenges but also highlighted the opportunities available, saying: “If the Channel Islands do this right, it could give us a huge strategic advantage”.
This news from the Island’s authorities confirms that Jersey organisations must act now in order to prepare for the new requirements in place from 2018 – and by doing so businesses could put themselves ahead of the game in what is an increasingly global marketplace.