What impact will the new EU regulations to be introduced on data protection have on my online Jersey business?

It is expected that the EU’s General Data Protection Regulation (the “Regulation”) will be finalised in the first quarter of 2015. The Regulation will apply to all processing of personal data by a business operating in the EU market, whether or not the business is physically based in the EU. Jersey businesses providing services to European consumers will have to meet the requirements of the Regulation, even if these differ from Jersey law requirements.  All Jersey businesses should therefore be aware of the pending Regulation, particularly those involved in data hosting or Cloud computing, and those who have EU citizens as clients. Any breach of the Regulation by a business could lead to economic penalties.

Jersey is currently assessed as being compliant with EU standards, so maintaining that high standard in line with the new Regulation will be important. It is likely that Jersey will need to update and amend the current Data Protection (Jersey) Law 2005 (the “Law”) in due course to ensure Jersey remains compliant with the Regulation. The best way to prepare for the impending changes is for a business to review its existing data protection policies and procedures to ensure that they comply with the current Law.