Conference told how Channel Islands businesses still face GDPR obstacles

Tuesday 02 July 2019

Businesses in the Channel Islands need to continue their efforts to adapt their policies and practices to comply with the requirements of The General Data Protection Regulation (GDPR).

This is according to Carey Olsen counsel Huw Thomas, who was speaking at a Channel Islands conference in both Guernsey and Jersey, focusing on 'Data protection in the financial services industry'.

More than 200 delegates attended the half-day conferences, and speaking at the conclusion of the final event, Mr Thomas observed that many businesses were still grappling with the challenges presented by GDPR, despite the fact that it has been more than a year since the legislation was introduced on 25 May 2018 and a month since theperiod of 'transitional relief' for Channel Islands businesses came to a close on 25 May 2019.

"While we are seeing wide engagement by many businesses across the Channel Islands to address their compliance with GDPR, the general consensus is that no one was ready on 25 May 2018 – and many are still not ready now. There has been a heavy reliance on a 'one size fits all' approach to compliance, which would be unlikely to satisfy regulators if challenged," he said.

Mr Thomas led discussions with associate and fellow data protection specialist Alexandra Gill as they considered the overarching themes that had emerged in the past year. Ms Gill also presented at the Guernsey event on GDPR challenges for the trusts and private wealth sector, while partner Andreas Kistler led on the same topic in Jersey. Partners Tony Lane (Guernsey) and James Willmott (Jersey) considered the GDPR impact on local M&A activity, while Mr Thomas and senior associate Leonie Corfield (Guernsey) examined the subject from a funds perspective in each island respectively.  

Pictured: Ms Gill. 

The Carey Olsen team were also joined by Rachel Masterton, Deputy Commissioner at the Office of the Data Protection Authority in Guernsey and Jay Fedorak PhD, commissioner at the Jersey Office of the Information Commissioner who fielded questions by Carey Olsen partners Elaine Gray and Siobhan Riley, respectively, and provided crucial regulatory insight about trends they have seen at local level regarding data breaches and registration.

Mr Thomas said one of the greatest challenges for businesses was how to address the questions posed by the new data protection regime in the context of systems and processes which have evolved before GDPR was even conceived.  

"Data protection issues crop up in all manners of areas, from mergers and acquisitions, funds compliance and data subject access requests in a trusts context. Often it is only when a data subject wishes to exercise their rights or a data breach occurs that issues around data handling are unearthed."

Ms Gill said that uncertainty from a legal, regulatory and political perspective was also making things more challenging for businesses. 

"Businesses are being confronted with many difficult and contradictory issues at the moment, from how to comply with data subject access requests in light of developments in case law to what will happen with standard contractual clauses – being the legal mechanism which many businesses rely on to transfer personal data outside of the Channel Islands and the EEA, and which are currently under judicial review." 

Pictured top: Mr Thomas.