In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
At the heart of data protection are the 10 rights of the individual whose personal data is being processed.
Surrounding that person are these seven principles, outlined in The Data Protection (Bailiwick of Guernsey) Law, 2017 which all local organisations are legally obliged to adhere to:
An organisation's duties all flow from the seven principles listed below.
Because the law is principles-based, there isn’t a helpful set of precise rules for you to follow (e.g. ‘you must delete data after x number of years’). But the good news is that in many cases you are free to make your own decisions about how you apply the principles to your activities.
The key thing is to get to know your own data processing practices, the Law and its principles (below) as well as you can, keep protection of individuals’ rights at the heart of what you do, and document your decision-making.
You must have a valid legal reason for processing personal data. You must obtain it without deceiving the person whose data it is, and you must make it clear exactly how you are going to use their data.
You must only use personal data for the reason (or reasons) you have told the person you are using it for.
You must only ask for the minimum amount of personal data necessary from the person.
You must ensure that any personal data you hold is accurate and where necessary, up-to-date.
You must not keep personal data for longer than you need it for.
You must keep personal data safe so that it doesn’t get accidentally deleted or changed, or seen by someone who is not allowed to see it.
This is the big one, the foundation which the other six principles rest on (see graphic above). You must be able to evidence your accountability by showing how you take responsibility for what you do with people's data.