The Data Protection (Jersey) Law 2018 and Data Protection (Authority) Jersey Law 2018 have previously been approved by the Privy Council and will come into effect on 25 May 2018.

The new Laws were unanimously agreed by the States Assembly earlier this year and will enable data to continue moving freely between Jersey and the European Union. This will benefit trade and help law enforcement agencies cooperate with their counterparts in other jurisdictions.

The Assistant Chief Minister, Senator Paul Routier MBE, said: “This is an important milestone for Jersey. The new data protection regime will bolster the rights of Islanders, ensure equivalence with the EU and further our standing as a trusted place to do business.”

Local law firm Viberts warned that the new data protection legislation will mean local businesses have to take action fairly swiftly to get themselves ready and compliant for 25 May, adding that requirements will largely mirror those of GDPR.

Pictured: Eleanor Colley from Viberts.

With only 100 days to go before the law comes into force, one of the firm’s solicitors, Eleanor Colley, issued a five-step action plan for businesses. Her advice includes: 

  1. Conducting a data controllers’ or data processors’ self-assessment using the Office of the Information Commissioner’s downloadable questionnaires.
  2. Reviewing existing employment, customer and supplier contracts to ensure correct consents are in place for the processing of employees’ and customers’ data.
  3. Having a “SAR” (subject access request) process to act on, or where appropriate refuse, requests where an individual asks for all the data held about them to be provided.
  4. Having an internal process for the management and reporting of data breaches.
  5. Drafting Privacy Notices to issue whenever personal data is collected.