Data Protection

This section provides guidance about the Data Protection Act 2002 ("Act") and the General Data Protection Regulation ("GDPR").

The Act and GDPR both regulate the use of "personal data" and set out requirements and obligations that businesses, organisations or public bodies must follow when processing personal data.

The Data Protection Act applies to all data controllers in the Island and provides:

The General Data Protection Regulation also applies directly to some data controllers and processors in the Island and provides:

Organisations in both the public and private sector must determine whether the GDPR applies to the processing undertaken and make themselves familiar with the new requirements which must be complied with in addition to the requirements of the existing Data Protection Act.   

  Find out more about the General Data Protection Regulation and how it applies in the Island

 The Unsolicited Communications Regulations also sit alongside the Act specifically in relation to direct marketing activities