Guidance for Small and Medium-Sized Enterprises (SME’s)

The Data Protection (Jersey) Law (DPJL) is based around six principles of ‘good information handling’. These principles give people (the data subjects) specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it.

Organisations & businesses of all shapes and sizes are covered by the Data Protection (Jersey) Law.

This guide and the accompanying checklist have been designed to assist SMEs based in Jersey, who may not have access to extensive planning and legal resources. Using this guide, along with our twelve-step guide, will help those businesses in particular to be a business that is data-protection compliant.

If you process personal data as part of your business, the DPJL will apply to you.

It is important to remember that:

  • Customer AND employee data is personal data
  • Simply storing personal data electronically or in hardcopy constitutes ‘processing’ personal data
  • The DPJL (and where applicable, the GDPR) applies to both controllers AND processors.

Good information handling makes good business sense. You'll enhance your business's reputation, increase customer and employee confidence, and by making sure personal information is accurate, relevant and safe, save both time and money.