‘I don’t think I need to register’

Think you don't need to register with us? Read our Q&A below.
We often get asked whether someone needs to register, so to make this as clear as possible, below are the three criteria (we call this the 'registration trinity').
If you meet all three criteria you are required to register: 


1. You (whether you are a sole-trader, legal person, organisation, business, charity, landlord, business association etc) are established in the Bailiwick of Guernsey. 
2. You are working with personal data (i.e. any information that may identify individual people, such as your staff members, your clients, your business contacts, your service users, your tenants etc.) 
3. The activity you are performing is not part of your personal/household affairs. 

If you meet the three criteria above then The Data Protection (Bailiwick of Guernsey) Law, 2017 requires you to either register with the Office of the Data Protection Authority directly or use a Levy Collection Agent and pay an annual levy.

There are very few exceptions to the requirement to register, here are some of the common reasons people give when they think they don’t need to register, along with a response:  

 

  • You are considered ‘established’ in the Bailiwick of Guernsey if you are a controller, processor or other person (including legal person) that: 

    • is a Guernsey person, Alderney person or Sark person,
    • maintains in the Bailiwick: 
      (i) an office, branch or agency through which the person carries on an activity, or
      (ii) a regular practice,
    • causes or permits any processing equipment in the Bailiwick to be used for processing personal data otherwise than for the purposes of transit through the Bailiwick, or
    • is engaging in effective and real processing activities through stable arrangements in the Bailiwick
    Please read this guidance document to help determine whether you are ‘established’ in the Bailiwick of Guernsey for the purposes of the Law, and therefore if you have to register or not. 

  • The data protection law only applies if you have any information about (or related to) identifiable people in: 

    • a hard copy filing system*,
    • in hard copy form with the intention of storing it in a hard copy filing system, or
    • in electronic form 
    If you don’t then you don’t need to register with us.  

    So, if you have hard copy data in a form which is organised by any form of referencing, making it easy to locate information about certain individuals, or if you have any information about individuals in electronic form, then you are likely to fulfil the requirements to register. 

    * filing system – any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis 
     

  • If you only have data for your own personal use, for things such as sending Christmas cards or taking pictures for your own enjoyment, the Law does not apply to your processing. 

    If you are uncertain about whether your processing falls within this personal/household definition, we have published this short guidance note with some criteria which may assist you in working out whether you are exempt.  

  • The process of registering with us changed at the start of 2021, so any registrations made prior to that date have not been carried over and you will need to complete a new registration. 

    The difference you need to be aware of is that under the previous registration and fees regime, you could register at any point in the year and your registration would then have been valid for 12 months from the date of registration. Whereas now, due to changes to the law, everyone must register/renew and pay their annual levy during January-February of each year.

     

  • If you do not have any personal data (don’t forget that includes information about staff and clients) in respect of your own organisation, but you do process it on behalf of another organisation, you are a 'processor' under the Law.

    Although this means that you do not have many of the statutory obligations of a controller, you do still need to register and pay an annual levy. 

  • If you have authorised an ODPA Levy Collection Agent (LCA) to pay your annual levy, you do not need to register directly with the ODPA.

    But remember, you retain full legal responsibility for how you use people’s data, and you are still obliged to meet your legal duties under data protection law.  
     
    You do need to make sure that you have a valid Certificate of Exemption (which your LCA must provide you) which you may be asked to show to the ODPA. 

    Find out more about the role of an LCA here

  • If you are a not-for-profit organisation (as defined in section 4(1) of The Charities and Non Profit Organisations (Enabling Provisions)(Guernsey and Alderney) Law, 2009 you do need to register with the ODPA and meet your legal duties under data protection law. 

    But you will not need to pay an annual levy. 

    • If you have established a new business/organisation this year, you do not need to register until next year*
    • Please diarise to come back during next year's registration window: 1 January – end of February to register and make your annual payment.
    • You may also wish to sign up to our newsletter as we will include reminders as the registration period approaches. 
    • In the meantime, please continue to work on compliance to ensure you are taking steps to meet your other legal duties under The Data Protection (Bailiwick of Guernsey) Law, 2017.
    * unless you answer yes to any of these four questions: 
    1. Do you employ 50+ Full Time Equivalent (FTE) staff?
    2. Are you required by law to appoint a Data Protection Officer?
    3. Do you act as an ODPA Levy Collection Agent?
    4. Are you a non-profit organisation (States of Guernsey Deputies are included under ‘non-profits’)?

    If you answer yes to any of the above questions you must register directly with the ODPA when you first set up your business. Please see question 15 in the Everything you need to know about ODPA Registration & Levy Regime for more detail. 

  • The ODPA endeavours to support the regulated community in respect of their statutory registration duties.

    Where an individual or organisation knowingly and wilfully fails to comply with any element of the Law, including registration and levy duties, this may be considered an offence and the ODPA has the power to take action and recover unpaid levies. 

    If you would like to know more about this approach please see: Registration and Levy Duties – Regulatory Approach Summary