At the heart of data protection are the 10 rights of the individual whose personal data is being processed.
Surrounding that person are these seven principles, outlined in The Data Protection (Bailiwick of Guernsey) Law, 2017 which all local organisations are legally obliged to adhere to:
An organisation's duties all flow from the seven principles listed below.
Because the law is principles-based, there isn’t a helpful set of precise rules for you to follow (e.g. ‘you must delete data after x number of years’). But the good news is that in many cases you are free to make your own decisions about how you apply the principles to your activities.
The key thing is to get to know your own data processing practices, the Law and its principles (below) as well as you can, keep protection of individuals’ rights at the heart of what you do, and document your decision-making.
You must have a valid legal reason for processing personal data. You must obtain it without deceiving the person whose data it is, and you must make it clear exactly how you are going to use their data.
You must only use personal data for the reason (or reasons) you have told the person you are using it for.
You must only ask for the minimum amount of personal data necessary from the person.
You must ensure that any personal data you hold is accurate and where necessary, up-to-date.
You must not keep personal data for longer than you need it for.
You must keep personal data safe so that it doesn’t get accidentally deleted or changed, or seen by someone who is not allowed to see it.
This is the big one, the foundation which the other six principles rest on (see graphic above). You must be able to evidence your accountability by showing how you take responsibility for what you do with people's data.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by & Indulge
© 2024 The Office of the Data Protection Authority.