The ODPA Annual Report for 2024 claims the organisation had a successful year focused on protecting data rights and promoting compliance within the Bailiwick of Guernsey.
Their report highlights several key achievements including recognition from the European Commission, the appointment of a new Data Protection Commissioner, and the launch of an investigation into potentially harmful gambling practices.
The ODPA issued 12 breach determinations and 7 public statements, they’ve engaged with hundreds of children through its schools outreach programme, and published twelve guidance articles and signed three international “Memoranda of Understanding”.
The report’s headline statements
The main headline from the report highlights that the European Commission confirmed the “adequacy” of the Bailiwick of Guernsey’s data protection law.
They claim it’s a significant achievement as it means personal data can flow freely between the European Union and Guernsey, without the need for additional safeguards.
They add that this recognition demonstrates that the Bailiwick’s data protection standards are on par with those of the EU.
The appointment of Brent Homan as the new Data Protection Commissioner also is included, with his point of direction for the Authority taking a strong focus.
A new Commissioner often signals a period of strategic change and new direction for an organisation. Homan’s appointment here is tied to the ODPA’s new regulatory pillars of ‘Balance, Trust, and Partnership,’ suggesting a fresh approach to data protection in the Bailiwick.
The ODPA state they’ve launched an investigation into potentially harmful practices within the Bailiwick’s gambling sector.
They add that this action demonstrates the regulator’s commitment to proactive enforcement and its focus on addressing areas of high risk.
The report notes a partnership with the Alderney Gambling Control Commission to conduct a “Global Privacy Sweep” to elevate privacy practices across the online gambling industry, indicating a collaborative effort to tackle the issue.
Breaches, statements and guidance
The ODPA says the issuance of 12 breach determinations and 7 public statements demonstrates its active role as a regulator.
Breach determinations are formal decisions made after investigating a data breach, while public statements are used to inform the public about the outcome of investigations, the ODPA’s stance on a particular issue, or its new initiatives.
Whilst the publication of twelve guidance articles and the signing of three international Memoranda of Understanding (MOUs) shows the ODPA’s commitment to both educating the public and fostering international cooperation according to the report.
These guidance articles provide practical advice to organisations and individuals on how to comply with data protection law.
The MOUs are formal agreements with other data protection authorities, which allow for the sharing of information and collaboration on international issues, thereby extending the ODPA’s reach and influence.
These MOU’s have been signed with authorities from Bermuda, Abu Dhabi and the Isle of Man. These are on top of existing MOU’s with Jersey, Guernsey Police, Gibraltar and more.
Public Outreach
The report makes a particular effort to mention the outreach the ODPA engaged in with hundreds of children, through its schools outreach programme.
The initiative is a part of the ODPA’s focus on education and prevention, which aims to build a culture of privacy awareness for the future by teaching children about data protection from a young age.