There is an exception under the Law for what members of the public do in their personal lives that involves personal data. But it can be complicated to define where the boundary of the exception is, here's more context:
Data protection laws do not apply to what members of the public choose to do with data in the course of their private lives, and in their domestic affairs (as long as it’s not a criminal offence). So if you have an address book of who you send Christmas cards to, for example, you would not need to worry about adhering to the law around its use.
The challenge is to know where the boundaries are between what activities are exempt because they are carried out for domestic/household purposes, and activities that perhaps stray into territory where the law does apply. There is not necessarily a clear cut line between the two.
To help you work out where the boundaries between these two areas are: exempt (domestic/household use of data) vs. not exempt (organised use of data), it may be helpful to ask yourself these questions in relation to what you’re doing:
Are you doing something that results in personal data being shared with an indefinite number of people (rather than to a limited community of friends, family members or acquaintances)?
Are you sharing personal data about people who you have no personal or household relationship with?
Are you doing something with an apparent purpose, scale and frequency which suggests professional activity?
Are you working with others in a collective and organised manner?
Are you doing something that could have an adverse impact on people, including intrusion into their privacy?
If you answer ‘yes’ to any of these questions this may indicate that what you’re doing is not exempt.
But it is important to note that none of these criteria are, in themselves, necessarily determinative.
A combination of factors may be used to determine whether or not particular processing falls within the scope of personal, family or household processing in the event of any uncertainty.
If you have questions about this please do contact us and we'd be happy to discuss your circumstances.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace
Receive regular information and statistics related to our activities and governance