Registration of Controllers & Processors

The Data Protection (Jersey) Law 2018 (“DPJL”) is based around six principles of ‘good information handling’. These principles give people (the data subjects) specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it.

 

The DPAJL requires all controllers and processors established in Jersey who process personal data to register, with the Authority and to pay a fee (subject to certain exemptions). Under the DPAJL anyone who does not comply with these provisions is guilty of a criminal offence and subject to a fine.

 

What is Registration?

 

Registration is the process by which data controllers and data processors (organisations that process personal data on behalf of controllers) inform the Authority of certain details about their processing of personal information. These details are used by the Commissioner to make an entry describing the processing in a register that is available for inspection by the public.

 

The principal purpose of registration is transparency and openness. It is a basic principle of data protection that the public should know (or should be able to find out) who is processing their personal information as well as other details about the processing (such as why the processing is taking place).