Regulation 9(4) of the Implementing Regulations requires "every controller and processor to which the applied GDPR applies to comply with the registration requirements in Schedule 7". This is regardless of whether the processing of personal data takes place in the Island or not.
Controllers and processors commit an offence if they contravene:
- Implementing Regulations, Paragraph 2 of Schedule 7 - Prohibition on processing without registration
- Implementing Regulations, Paragraph 12 of Schedule 7 - Duty to notify changes
These offences carry fines of up to £10,000. In addition, directors, etc. may also be personally liable for offences, by virtue of regulation 143 of the Implementing Regulations.