This Protocol sets out the internal Corporate Governance arrangements for the Guernsey Data Protection Authority (“the Authority”). The arrangements set out here were adopted by the Authority on 25 May 2018 and were updated in January 2023. They will be kept under review by the Authority.
The Authority is a statutory body created by the Data Protection (Bailiwick of Guernsey) Law 2017 (“the DP Law”) which sets out its responsibilities. Part XI of the DP Law (sections 60-77) sets out the main functions of the Authority and Schedule 6 sets out various provisions about how the Authority must, or may, conduct itself. Schedule 7 sets out information-gathering and other powers.
The DP Law is the ultimate instrument for corporate governance and this Protocol takes effect subject to its provisions. This Protocol has been adopted to achieve maximum clarity about the role and authority of each participant and their inter-relationships. Some (but not all) of the provisions of the DP Law are repeated in this Protocol in more accessible language. Many of the provisions are elaborated, especially where a discretion is available to the Authority.
The Authority and its Board
The Authority currently consists of eight members – the Chairman, six other voting members and the Data Protection Commissioner as a non-voting member. As the governing body, for convenience the members are known as “the Board”.
The Authority, through the Board, carries the ultimate responsibility for the discharge of the responsibilities created by the DP Law. The Authority is the guardian of independence, sets the organisation’s strategic direction, holds the Commissioner to account and provides the Commissioner with advice, support and encouragement. It also responsible for maintaining the high standards expected of a public body.
The Authority is responsible for appointing (or re-appointing) the Commissioner and (subject to stringent limitations) removing a Commissioner from office.
The Authority has certain other specific responsibilities under the DP Law – e.g. producing the Annual Report, employment of staff, maintaining (and reporting on) proper financial accounts and records.
More general areas of responsibility will include:
• periodic adoption of objectives, strategic / business plans and budgets
• review of performance against plans
• regular review of risks facing the Authority
• allocation of resources, including any single item of expenditure in excess of £50,000
• overall financial control
• strategic staffing issues
• major accommodation issues
• service standards and performance measurement
• corporate ethics
• oversight of the Authority’s reputation and standing
• major policy issues or innovations
• consideration of each draft Annual Report, including audited accounts.
Although the distinction is not always easy to draw, Board members – at and between meetings - will aim to focus primarily on strategic and oversight functions, not operational matters. It is the Commissioner who is primarily responsible for day-to-day operations, individual casework and most enforcement decisions.
The Commissioner holds office for a fixed term which may be renewed by the Authority. The Commissioner is a non-voting member of the Authority and attends all meetings of the Board. The Commissioner is supported by the Senior Leadership Team (SLT) whose members normally attend all meetings of the Board.
The Commissioner’s specific responsibilities include:
• acting as Chief Executive of the Authority, providing leadership to ensure its effective and efficient management;
• managing the staff of the Authority and all day-to-day operations of the Authority;
• ensuring propriety of all expenditure;
• ensuring that each year the expenditure of the Authority does not exceed the financial resources available to it; and
• acting as the principal public face of the organisation.
In accordance with Paragraph 6 of Schedule 6 of the DP Law, the Commissioner “may exercise or perform, on behalf of the Authority, and in its name, any function of the Authority other than a reserved function
.” A function exercised or performed by the Commissioner is “deemed for all purposes to have been excised or performed by the Authority
”. This includes fulfilling the (mandatory) duties imposed upon the Authority and exercising any of the (discretionary) powers available to the Authority.
Paragraph 6 is expressed to be “subject to any policies, procedures and specific directions issued by the Authority
”. The Authority has not, however, issued any such policies, procedures or directions to limit the powers of the Commissioner.
Under the DP Law the functions of the Authority which may not be exercised or delegated by the Commissioner are:
• issuing a public statement under section 64 of the DP Law (“…gravity of the matter or other exceptional circumstances
• order to pay an administrative fine;
• making of the Annual Report; or
• any other function specified by the Authority by written notice given to the Commissioner.
Members of staff are employed by the Authority, but recruited and managed by the Commissioner. The Commissioner will consult the Chair of the Authority before proceeding with:
• recruitment of a Deputy Commissioner;
• significant changes to staff terms and conditions, salaries or pension arrangements
• significant disciplinary action;
• dismissal of any member of staff.
The Commissioner may, by written notice, also delegate any specified function to any employee in accordance with the DP Law. This does not require the involvement of the Authority. In accordance with a written Notice of Delegation, the Deputy Commissioner will be able to deputise for the Commissioner and exercise any of her functions. The Deputy Commissioner attends all meetings of the Authority.
Proceedings of the Authority’s Board
In accordance with the DP Law, the Board resolved on 25 May 2018 to meet four
times a year. An annual schedule of meetings will be established.
With a current membership of seven voting members, the quorum for each Board meeting is Four. The DP Law provides that any decision is made by a majority vote, with neither Chair nor Commissioner voting. In the event of a tie the Chair has a casting vote.
An agenda and supporting papers will be circulated to members of the Authority at least one clear week in advance of the meeting. Special arrangements will be made where papers contain personal data or sensitive enforcement or similar information. All matters requiring substantial decisions should usually appear on the agenda and be supported by short papers including the necessary information upon which to base a decision. There may be pressing circumstances where this cannot happen.
At each regular meeting of the Board, the Commissioner or a member of the SLT will normally provide a written or oral report on recent current and prospective activities and issues, and a written report with management accounts to summarise the budgetary situation.
The DP Law requires proper minutes to be kept.
The Code of Practice
for Members covers conduct at meetings, disclosure of interests (at meetings and in a public Register
) and the handling of information, including personal data,
The DP Law also provides that business may be transacted by circulation of papers and that written resolution approved by a majority of voting member is as valid as if passed at a meeting.
The Board has established the following Committees:
- Audit and Risk Committee – which primarily (1) oversees the Authority’s financial reporting processes to ensure the balance, transparency and integrity of financial information, (2) reviews the effectiveness of internal financial controls and (3) reviews the risk management process. Its full role, authority and procedures will be set out in the ODPA Risk and Audit Charter.
- Section 64 Committee - to which (in accordance with Paragraph 14 of Schedule 6 of the DP Law) the Board has delegated power to make public statements under section 64 of the DP Law.
Role of Board Members between regular meetings
If a Board member identifies an issue – whether from Board papers or otherwise – which causes them to have serious concerns, they will normally raise this directly with the Commissioner or Chairman as appropriate as soon as possible.
If a member believes that an issue to be discussed at a regular Board meeting is likely to generate significant controversy which is not obvious (or absent) from the papers, they will aim to alert the Chairman in advance. The Chairman will decide whether/how to alert other members of the Board and the Commissioner according to the circumstances.
Relationship with the Guernsey States of Deliberation
Although some funding is received from the States of Deliberation as a statutory levy in accordance with the DP Law, it is important that the Authority is – and is seen to be – independent from the States. A separate Memorandum of Understanding sets out the relationship between the Authority and the States acting through the Committee for Home Affairs.