The Office of the Data Protection Authority (ODPA) has offered three new updates to help protect people’s data when it is transferred outside of the Bailiwick of Guernsey.
The updated guidance and resources published by the ODPA have been produced to help local organisations and businesses navigate the very complex legal landscape around data transfers.
A data transfer occurs when people’s data is sent outside of the Bailiwick, for example, by using online products or services such as US-based Mailchimp to send subscribers a newsletter, or communicating with your customers via your organisation’s Facebook page, or employing a company in another jurisdiction to provide customer services.
The first update, ‘Guidance on International Data Transfers’ is a step-by-step guide to the things which need considering before transferring people’s data outside the Bailiwick. The second update is ‘Guidance and a self-assessment tool for Transfer Impact Assessments’ which contains a series of questions to help make risk self-assessments posed by a transfer of someone’s data outside of the Bailiwick.
Finally, the third update is ‘The Bailiwick of Guernsey Addendum for the EU Commission’s Standard Contractual Clauses (SCCs)’ which is a legal document on which restricted amendments can be made to protect data by using it in conjunction with the EU Commission’s Standard Contractual Clauses.
Pictured: Data Protection Commissioner Emma Martins.
The ODPA says that the Bailiwick has high standards of data protection thanks to the local data protection law which is considered essentially equivalent to the European Union’s data protection legislation. However, many jurisdictions around the world do not offer the same legal protections.
This mismatch of legal protections means that anyone working with people’s data in the Bailiwick must take special care whenever they transfer that data to areas of the world where there is less protection, according to the ODPA.
The Bailiwick’s Data Protection Commissioner, Emma Martins, said the legal landscape around data is constantly evolving and complex.
“The first step is always to understand what data you have and where that data is located. It is essential for all organisations to understand the risks as well as the opportunities around data transfers,” she said.
“We must all be proactive in ensuring people’s data continues to be looked after if it leaves the Bailiwick. The people whose data it is retain their legal rights over it, and your organisation remains responsible for ensuring it is protected.”
Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.
There are no comments for this article.