Embedding Data Protection into your Operational Activities

Data Protection (Jersey) Law 2018 (DPJL) requires you to put in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights. This is ‘data protection by design and by default’.

In essence, this means you have to integrate or ‘bake in’ data protection into your processing activities and business practices, from the design stage right through the lifecycle.

Data protection by design is about considering data protection and privacy issues upfront in everything you do. It can help you ensure that you comply with the Data Protection (Jersey) Law 2018's fundamental principles and requirements, and forms part of the focus on accountability.

‘Baking’ Data Protection into your organisation, consider the following areas:

• Governance – board & senior management activities and agendas.
• Data Protection by Design. 
• Policies & procedures. 
• Impact assessments. 
• Internal & external communications. 

We would appreciate your opinion