Chris Hutley-Hurst
Partner
Guernsey
KEY TAKEAWAYS:
This briefing provides an overview of the seven data protection principles contained within the Data Protection (Bailiwick of Guernsey) Law, 2017 ("the DPL"). The DPL was drafted to reflect the EU's General Data Protection Regulation (the "GDPR"). The DPL came into effect on 25 May 2018.
A related briefing on the object of the DPL, some of the key concepts used in the DPL, and the rights of data subjects is available here.
There are seven principles which are set out in the DPL (and also in the GDPR) which Guernsey organisations are legally required to adhere to. Those seven principles are as follows:
Those who process personal data must have a valid reason for doing so under the Law. The personal data must be used in a way that is fair and it must be clear precisely what the data is being used for. The conditions for lawful processing are set out in Schedule 2 to the DPL.
Personal data must be used for only for the reasons the data subject was advised at the outset that the data would be used for. Personal data must not be collected without a specific and legitimate purpose.
The personal data obtained from a data subject must be limited to what is necessary for the stated purpose.
The personal data which is held must be accurate and, where necessary, updated. Reasonable steps must also be taken to erase or correct inaccurate personal data.
Personal data must not be kept for longer than it is necessary. This will depend on the basis upon which the data is being held.
Appropriate security measures must be put in place and maintained in order to ensure that personal data is not accidentally deleted, altered or disclosed to anyone who is not permitted access to it.
An organisation must take responsibility for what it does with personal data. They must be able to demonstrate that requisite systems and measures have been put in place to ensure compliance with the Law.
Walkers’ Guernsey regulatory team can advise on all aspects of Guernsey data protection, including data protection policies, procedures, privacy notices, data subject access requests and data protection audits.
We have a team of regulatory experts spanning all practice areas who regularly advise on all aspects of Guernsey regulation, including financial services, AML, sanctions, data protection, consumer protection, competition, tax, economic substance, FATCA and the CRS. Our team can also provide training to staff on a broad range of topics.
This article was updated on 28 November 2024.
Authors
Partner, Walkers (CI) LP/Jersey
Senior Counsel/Jersey
Senior Counsel/Jersey
Senior Counsel/Guernsey
Senior Associate/Guernsey
Key Contacts
Partner, Walkers (CI) LP
Jersey
Senior Counsel
Jersey
Senior Counsel
Guernsey
Senior Associate
Guernsey