Annual Report 2013

The Data Protection (Jersey) Law 2005 and Data Protection (Bailiwick of Guernsey) Law 2001 seek to
strike a balance between the rights of individuals and the sometimes competing interests of those with
legitimate reasons for using personal information.

The two Laws give individuals certain rights regarding information held about them. It places obligations
on those who process information (data controllers) while giving rights to those who are the subject of
that data (data subjects). Personal information covers both facts and opinions about the individual.

Anyone processing personal information must notify the Data Protection Commissioner’s Office that they
are doing so, unless their processing is exempt.