DATA PROTECTION & THE GDPR:

What does it mean for Jersey?

Advocate Vicky Milner

08.03.17

www.callingtonchambers.com

CALLINGTON CHAMBERS

Topics

• Background & data protection essentials

• General Data Protection Regulation

• Opportunities & action points

• Questions

CALLINGTON CHAMBERS

Why?

CALLINGTON CHAMBERS

CALLINGTON CHAMBERS

“Either we own political technologies or

they will own us.”

George Monbiot, The Guardian, 06.03.17

CALLINGTON CHAMBERS

Background

• Human rights; privacy

• Data protection essentials

CALLINGTON CHAMBERS

CALLINGTON CHAMBERS

Bet they don’t think

it’s boring…

• Ashley Madison

• TalkTalk

• AdultFriendFinder

CALLINGTON CHAMBERS

CALLINGTON CHAMBERS

Human rights & privacy CALLINGTON CHAMBERS

European Convention

on Human Rights (“Convention”)

• 1953: Convention brought into force by Council

of Europe, following end of WWII and in

response to growth of communism

CALLINGTON CHAMBERS

Article 8: Right to respect

for private and family life

1. Everyone has the right to respect for private

and family life, home and correspondence.

2. There shall be no interference by a public

authority with the exercise of this right…

Save in accordance with the law

CALLINGTON CHAMBERS

Data protection law

• Rights of individuals re their personal

information (“personal data”) held, stored or

processed by another

• Inc information about religious and political

beliefs, health and criminal convictions

(“sensitive personal data”)

• Limits on transfers of data to other jurisdictions,

which must provide an “adequate level of

protection”

CALLINGTON CHAMBERS

Data protection law

Those responsible must ensure that data is:

• used fairly and lawfully, for specific stated purposes

• used in a way that is adequate, relevant and not excessive

• accurate and kept for no longer than is absolutely necessary

• kept safe and secure

• not transferred outside EEA without adequate protection

CALLINGTON CHAMBERS

Data protection law

in Jersey

• Legislation in place since 1987

• Current law: the Data Protection (Jersey) Law

2005

• Adequacy:

“The Commission has…recognized Andorra,

Argentina, Canada (commercial organisations),

Faeroe Islands, Guernsey, Israel, Isle of Man,

Jersey, New Zealand, Switzerland and Uruguay as

providing adequate protection.”

CALLINGTON CHAMBERS

CI Regulator CALLINGTON CHAMBERS

www.dataci.org/gdpr

CALLINGTON CHAMBERS

General data protection

regulation (“GDPR”)

Updated legislation

harmonise data protection law across the EU

allow the digital economy to develop across the

single market

put individuals in control of their own data

greater legal certainty

right to request rectification/erasure

CALLINGTON CHAMBERS

GDPR compliance

(1) Maintaining “adequacy”

(2) Far-reaching geographical scope of GDPR

(“extra-territorial effect”)

CALLINGTON CHAMBERS

GDPR and adequacy CALLINGTON CHAMBERS

GDPR and Jersey

GDPR applies to:

• Activities of an establishment in the EU

– wherever the processing actually takes place

• Processing of EU data subjects by an entity:

– Offering goods or services within the EU; or

– Monitoring behaviour within the EU

Jersey to introduce its new law in 2018

CALLINGTON CHAMBERS

Main changes inc:

• Controllers and processors

• Record keeping

• Co-operation with regulator

• Notification

• Data Protection Officer (“DPO”)

Why should you care?

• Regulation

– Local legislation likely to echo the GDPR

• Managing risk

• Opportunities

Penalties

• Two-tier approach envisaged in the GDPR

o 2% of global annual turnover (for

undertakings) or €10m

o 4% of global annual turnover for the

preceding year (for undertakings) or €20m.

• Direct penalties under new Jersey law: under

review; details TBC

CALLINGTON CHAMBERS

CALLINGTON CHAMBERS

Risk

Opportunities CALLINGTON CHAMBERS

Opportunities CALLINGTON CHAMBERS

• New technology and systems (“privacy by

design”)

• Differentiating businesses and Jersey from

competitors

• New services/Data Protection Officer (DPO)

Action points CALLINGTON CHAMBERS

Take responsibility

Review policies and procedures

Inform

Audit

Get ready for 2018; designate a DPO

Educate

https://ico.org.uk/

CALLINGTON CHAMBERS

Paul Blake wins 400m gold, Rio 2016

The Guardian, 16.09.16

Questions

CALLINGTON CHAMBERS

Contact us CALLINGTON CHAMBERS

Advocates Vicky Milner & Davida Blackmore

Callington Chambers

T: (00 44) 1534 510250

E: vicky.milner@callingtonchambers.com

W: www.callingtonchambers.com

Follow us on Twitter: www.twitter.com/callington_law