GDPR in the Island
The GDPR extends to the Island.
Many Island controllers, and some processors, will need to comply with the GDPR as well as the existing Island legislation and any legislation equivalent to the GDPR introduced in the Island. This means that they are likely to be subject to regulation by the Information Commissioner AND a supervisory authority in the EU.
The GDPR requires controllers and some processors to implement data governance procedures and measures.
Island controllers and processors required to comply with the GDPR will need to comply with these obligations.
The GDPR provides data protection authorities in EU Member States with strong regulatory powers and the ability to levy significant fines and other penalties.
Island controllers and processors required to comply with the GDPR will be subject to enforcement and sanctions by the lead supervisory authority.
The GDPR is in force from 24 May 2016 and is fully enforceable from 25 May 2018.
Island controllers and processors should start considering their position with a view to achieving full compliance by May 2018.