The Data Protection (Jersey) Law 2018 (DPJL) is based around six principles of ‘good information handling’ (the Principles). These principles give people (the data subjects) specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it.
The Principles are at the core of the responsibilities placed upon controllers and processors. Whilst compliance with each Principle must be met, they are inextricably linked and therefore should not be read in isolation. Both controllers and processors must ensure that the processing of personal information/data complies with the data protection principles (Article 8 DPJL).
This section looks at the Data Security, Integrity and Confidentiality Principle. Personal data must be processed in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
