Commissioner says organisations should be getting the basics right to avoid breaches which can cause distress and harm to individuals and reputational damage

By JOIC
20 May 2025

Commissioner says organisations should be getting the basics right to avoid breaches which can cause distress and harm to individuals and reputational damage

Organisations in Jersey need to prioritise staff training and have relevant and effective data protection policies and procedures to ensure a greater level of compliance. That’s the message from the Jersey Office of the Information Commissioner as they publish the findings of a second virtual audit on a health service sector, as part of their ongoing audit programme.

Organisations should have in place robust controls, policies, procedures and technology and provide appropriate training to ensure the safety of individuals' data and mitigate potential risks. The JOIC publish lessons learned so industry can learn from the audit outcomes.

The Commissioner is drawing data controllers’ attention to the common threads in the outcomes and lessons learned of audits, complaints and self-reported data breaches, which include:

  • Lack of relevant data protection training and refreshers.
  • Lack of effective, proportionate, implemented and communicated data protection policies and procedures.
  • The need for improved data security, integrity and confidentiality.

Jersey Information Commissioner Paul Vane said: “Elements of this most recent audit mirror the findings from a separate audit on a health service sector that we published earlier this year. We publish key findings to allow those processing personal information in Jersey, no matter how small or large their organisation, to benefit from the lessons learned. We hope lessons from our audits as well as other enforcement actions send a very strong message to those operating in Jersey that are entrusted with Islanders’ personal information.”

The full findings from the most recent virtual audit can be viewed here.

The aims of the JOIC’S audit process are to assess policies, processes and levels of compliance with the Data Protection (Jersey) Law 2018 as well as highlight areas of potential risk and set timeframes for any necessary remedial work.

Organisations that need help navigating the data protection landscape can access guidance at www.jerseyoic.org, attend the JOIC’s free guidance events, speak to the JOIC team in person at their office at 5 Castle Street, email enquiries@jerseyoic.org or call the JOIC on 716530. They can also subscribe to the JOIC's Stay in Touch newsletter.

Stay in Touch

News

Blogs

Search the Website

JERSEY OFFICE OF THE INFORMATION COMMISSIONER

2nd Floor
5 Castle Street
St. Helier
Jersey
JE2 3BT

enquiries@jerseyoic.org+44 (0) 1534 716530
for organisations
Overview for Organisations
Manage Registration
Report a Breach
Do I need to Register for Data Protection?
Resources for Organisations
GDPR and the Relationship with Local Data Protection
Registration & Charges FAQs
Small Organisation Self-Assessment
for individuals
Overview for Individuals
Information for Young People
Raise a Concern
How we Deal with Formal Complaints
Make a Freedom of Information Appeal
Resources for Individuals
Requesting Your Personal Information
How can we help you?
About
Resource Room
News
Events
Careers
Contact
Stay in Touch
DP & FOI Laws
Service Complaint Policy
Data Protection Statement © Jersey Office of the Information Commissioner 2025 v7.0.0000