JOIC Data Protection Audit Programme Commences

The challenging times that we are all facing have demonstrated the importance of personal information rights and the Data Protection (Jersey) Law 2018.

The Jersey Office of the Information Commissioner (JOIC) is the data protection and information rights regulator for the Island. We are pleased to announce that we are launching a new programme of data protection audits to raise awareness of the benefits to business of good data protection, to improve respect for personal information and to ensure organisations across Jersey are compliant with the Data Protection (Jersey) Law 2018.

The programme, which will begin this month, forms part of the JOIC’s regulatory action and enforcement policy. The goals of these audits are to assist businesses to discover the strengths and weaknesses in their data protection management programmes. They will identify gaps in security to decrease the risk of personal data breaches and act like a dose of preventative data protection healthcare. They will not involve naming and shaming. The results of the audits will be available only to the businesses themselves for their benefit. However, JOIC may make public generic findings from the audits in unidentifiable form.

JOIC’s Compliance and Enforcement Manager Adrian Hayes explained: “The objective of our data protection audit programme is to reach out to data controllers and processors at the heart of their operations. We aim to discover their needs in protecting the personal information of individuals and to identify how we can help them to comply with data protection law. This programme will assist us in developing positive working relationships with Island organisations to meet our common goal of ensuring Jersey remains a safe place to do business and store data.”