Remember the Basics

The Data Protection (Jersey) Law 2018 places obligations on organisations of all shapes and sizes about personal data used in their day to day activities.

The Principles are at the core of the responsibilities placed upon controllers and processors. Whilst compliance with each Principle must be met, they are inextricably linked and therefore should not be read in isolation. Both controllers and processors must ensure that the processing of personal information/data complies with the data protection principles (Article 8 DPJL);

• FAIR, LAWFUL and TRANSPARENT PROCESSING: Personal data are to be processed lawfully, fairly and in a transparent manner in relation to the data.

• PURPOSE LIMITATION: Personal data must be collected for specified, explicit and legitimate purposes and once collected, not further processed in a manner incompatible with those purposes.

• EXCESSIVE DATA COLLECTION: Personal data collected must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

• ACCURACY OF DATA: Personal data must be accurate and, where necessary, kept up to date, with reasonable steps being taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

• STORAGE LIMITATION: Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.

• DATA SECURITY, INTEGRITY AND CONFIDENTIALITY: Personal data must be processed in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.


We would appreciate your opinion