Skip to main content
Link to Walkers homepage

Guernsey data protection series - the seven data protection principles

Feb 28, 2024

Advisory
A sleek black pen with 'Walkers' branding lies atop a closed notebook, both featuring raised 'Walkers' logos.

KEY TAKEAWAYS:

  • The seven data protection principles are at the core of data protection in the Bailiwick of Guernsey.
  • Controllers and Processors must ensure all processing of personal data complies with the seven data protection principles.
  • The data protection principles should always be referred to and considered when issues with data protection arise.

Introduction

This briefing provides an overview of the seven data protection principles contained within the  Data Protection (Bailiwick of Guernsey) Law, 2017 ("the DPL"). The DPL was drafted to reflect the EU's General Data Protection Regulation (the "GDPR"). The DPL came into effect on 25 May 2018. 

A related briefing on the object of the DPL, some of the key concepts used in the DPL, and the rights of data subjects is available here.

There are seven principles which are set out in the DPL (and also in the GDPR) which Guernsey organisations are legally required to adhere to. Those seven principles are as follows:

1. Lawfulness, fairness and transparency

Those who process personal data must have a valid reason for doing so under the Law. The personal data must be used in a way that is fair and it must be clear precisely what the data is being used for. The conditions for lawful processing are set out in Schedule 2 to the DPL.

2. Purpose limitation

Personal data must be used for only for the reasons the data subject was advised at the outset that the data would be used for. Personal data must not be collected without a specific and legitimate purpose.

3. Data minimisation

The personal data obtained from a data subject must be limited to what is necessary for the stated purpose.

4. Accuracy

The personal data which is held must be accurate and, where necessary, updated. Reasonable steps must also be taken to erase or correct inaccurate personal data.

5. Storage Limitation

Personal data must not be kept for longer than it is necessary. This will depend on the basis upon which the data is being held.

6. Integrity and confidentiality

Appropriate security measures must be put in place and maintained in order to ensure that personal data is not accidentally deleted, altered or disclosed to anyone who is not permitted access to it.

7. Accountability

An organisation must take responsibility for what it does with personal data. They must be able to demonstrate that requisite systems and measures have been put in place to ensure compliance with the Law.

About Walkers’ Guernsey regulatory team

Walkers’ Guernsey regulatory team can advise on all aspects of Guernsey data protection, including data protection policies, procedures, privacy notices, data subject access requests and data protection audits.

We have a team of regulatory experts spanning all practice areas who regularly advise on all aspects of Guernsey regulation, including financial services, AML, sanctions, data protection, consumer protection, competition, tax, economic substance, FATCA and the CRS. Our team can also provide training to staff on a broad range of topics.

This article was updated on 28 November 2024.

Regulatory & ComplianceGuernsey

Authors

Chris Hutley-Hurst

Chris Hutley-Hurst

Partner/Guernsey

T/+44 (0) 1481 758 950
M/+44 (0) 7911 720 470
E/Email Chris Hutley-Hurst
More articles from this author View profile
Dilmun Leach

Dilmun Leach

Partner, Walkers (CI) LP/Jersey

T/+44 (0) 1534 700 783
M/+44 (0) 7797 912 371
E/Email Dilmun Leach
More articles from this author View profile
Gemma Palmer

Gemma Palmer

Senior Counsel/Jersey

T/+44 (0) 1534 700 885
E/Email Gemma Palmer
More articles from this author View profile
Sian Langley

Sian Langley

Senior Counsel/Jersey

T/+44 (0) 1534 700 774
M/+44 (0) 7797 951 951
E/Email Sian Langley
More articles from this author View profile
Jamie Bookless

Jamie Bookless

Senior Counsel/Guernsey

T/+ 44 (0) 1481 748 926
M/+ 44 (0) 7911 766 994
E/Email Jamie Bookless
More articles from this author View profile
Jarrad Knoetze

Jarrad Knoetze

Senior Associate/Guernsey

T/+44 (0) 1481 748 944
M/+44 (0) 7911 152 677
E/Email Jarrad Knoetze
More articles from this author View profile

Solution areas

Regulatory & Compliance

Key Contacts

Get in touch with our team

Chris Hutley-Hurst
Chris Hutley-Hurst

Chris Hutley-Hurst

Partner

Guernsey

T

+44 (0) 1481 758 950

M

+44 (0) 7911 720 470

E

Email Chris Hutley-Hurst
View profile
Dilmun Leach
Dilmun Leach

Dilmun Leach

Partner, Walkers (CI) LP

Jersey

T

+44 (0) 1534 700 783

M

+44 (0) 7797 912 371

E

Email Dilmun Leach
View profile
Gemma Palmer
Gemma Palmer

Gemma Palmer

Senior Counsel

Jersey

T

+44 (0) 1534 700 885

E

Email Gemma Palmer
View profile
Sian Langley
Sian Langley

Sian Langley

Senior Counsel

Jersey

T

+44 (0) 1534 700 774

M

+44 (0) 7797 951 951

E

Email Sian Langley
View profile
Jamie Bookless
Jamie Bookless

Jamie Bookless

Senior Counsel

Guernsey

T

+ 44 (0) 1481 748 926

M

+ 44 (0) 7911 766 994

E

Email Jamie Bookless
View profile
Jarrad Knoetze
Jarrad Knoetze

Jarrad Knoetze

Senior Associate

Guernsey

T

+44 (0) 1481 748 944

M

+44 (0) 7911 152 677

E

Email Jarrad Knoetze
View profile

Get the latest insights and expertise in your inbox 

Fluid ink image
Sign up
logo footer

Connect with us

FacebookFacebook
InstagramInstagram
LinkedInLinkedIn

Employee login

Self Service Password ResetWalkers AnywhereWalkers Sharefile
Legal notices/Cookies policy

All rights reserved - © 2025 Walkers Global