Subject Access; A Guide for Data Controllers

The Data Protection (Jersey) Law 2018 provides individuals with a number of rights. The one most commonly used is the right of subject access.


This right, commonly referred to as subject access, is created by article 7 of the Law. It’s most often used by individuals who want to see what information an organisation holds about them. However, the right of access goes further than this, and an individual who makes a written request is entitled to be:


  • told whether any personal data is being processed;
  • given a description of the personal data, the reasons it’s being processed, and whether it will be given to any
  • other organisations or people;
  • given the information contained in personal data; and the details of the source of the data (where available).


Every individual is entitled to have their personal information protected, used in a fair and legal way, and made available to them when they ask for a copy. If an individual feels that their personal information is wrong, they are entitled to ask for that information to be corrected.


Data protection is essential to innovation. Good practice in data protection is vital to ensure public trust in, engagement with and support for innovative uses of data in both the public and private sectors.


Part 6 of the Data Protection (Jersey) Law 2018 gives rights to individuals in respect of personal data held about them by others.


This is part of a series of guidance to help organisations fully understand their obligations, as well as to promote good practice.