From 25 May 2018, the EU’s General Data Protection Regulation (“GDPR”) will come into force and introduce sweeping data protection reforms across all EU Member States.
The GDPR will also have an impact in Jersey. The Regulation is extra-territorial in nature, which means that any business acting as a data controller outside of the EU holding data in relation to EU citizens must comply with the GDPR.
As with the Data Protection (Jersey) Law 2005, which brought Jersey up to date with previously introduced EU legislation, an amendment to update the current law in Jersey is expected ready for implementation by May 2018.
Given the scope of the changes the GDPR will introduce, it is advisable that businesses start thinking now about any changes they may need to make to their data protection policy and procedure.
The aim of the GDPR is to enable people to have more control over their personal data, leading to an increase in consumer trust and facilitating evermore electronic transactions. However, the broad effects the GDPR will have on the way personal data is handled will result in greater accountability for data controllers.
Some ways in which the GDPR will introduce new confines for governmental bodies and businesses, include the following:
- the introduction of fines for businesses of up to 20 million euros or 4% of annual global turnover for serious non-compliance with the rules;
- some businesses, mostly those involved in large-scale processing of special categories of data such as sensitive personal data, will need a Data Protection Officer (“DPO”). All public authorities will also require a DPO; and
- there will be limits on how personal information can be used, “processed”, or shared by companies and governments.
The Data Protection Commissioner for the Channel Islands is advising that all companies, particularly those which are small to medium sized businesses, are ready for these changes and aware of the responsibilities they may have.
It is important for businesses to keep up to date with the fast-paced changes that are taking place in the field of data protection. Only last week, the European Commission published proposals for replacing the current ePrivacy Directive on the back of the GDPR. The proposed amendments to the ePrivacy Directive will cover electronic marketing and the tracking of online activities and trigger a whole new layer of reforms.
Please contact Pinel Advocates if you have any questions regarding your data protection needs.