Privacy Law at Guernsey (Crown Dependency)
Guernsey, a Crown Dependency, enforces the Data Protection (Bailiwick of Guernsey) Law, 2017, which aligns with the EU's General Data Protection Regulation (GDPR). This law, effective from 25 May 2018, ensures robust data protection standards and facilitates the free flow of data between Guernsey and the EU
Key Aspects of Guernsey's Data Protection Law
1. Supervisory Authority
Office of the Data Protection Authority (ODPA) An independent body responsible for enforcing data protection laws in Guernse. The ODPA promotes compliance, handles complaints, and has the authority to issue fines and conduct audits
2. Data Subject Rights
Individuals in Guernsey have the following rights under the Data Protection Law:
Right of Access Individuals can request information about the processing of their personal data.
Right to Rectification Individuals can request corrections to inaccurate or incomplete dat.
Right to Erasure Individuals can request the deletion of their personal data under certain condition.
Right to Restriction of Processing Individuals can request limitations on how their data is processe.
Right to Data Portability Individuals can obtain and reuse their personal data across different service.
Right to Object Individuals can object to the processing of their personal data in certain circumstance.
Right Not to Be Subject to Automated Decisions Individuals can contest decisions made solely based on automated processing
3. Lawful Bases for Processing
Data controllers in Guernsey must ensure that personal data is processed based on one or more lawful bases, such a:
Consent Obtaining explicit permission from the individuals.
Contractual Necessity Processing required to fulfill a contract with the individua
Legal Obligation Processing necessary to comply with legal dutie.
Vital Interests Processing necessary to protect someone's li
Public Task Processing necessary for the performance of an official function.
Legitimate Interests Processing based on a legitimate interest pursued by the data controller or a third party
4. Enforcement and Penalties
Administrative Fines The ODPA can impose fines ranging from £5,000 to £10 million, depending on the severity of the breach
Criminal Penalties Individuals found guilty of offenses under the Data Protection Law may face fines and imprisonment.
RELATED Blog
0 comments