Transferring people’s data outside the Bailiwick

What is a ‘data transfer’? 
A ‘data transfer’ occurs when you send people’s data outside of the Bailiwick, for example by using online products or services such as Mailchimp (US-based) to send your subscribers a newsletter, or communicating with your customers via your organisation’s Facebook page, or employing a company in another jurisdiction to provide customer services.

'Data transfer' or 'data sharing'? 
‘Data transfers’ and ‘data sharing’ are different things. Data transfers are related to geographical location of data, how it is given and moved around. Data sharing commonly relates to an organisation giving a third party access to data or otherwise making personal data available to them.  

Data transfers outside of the Bailiwick 
If you are considering transferring personal data out of the Bailiwick, you need to be aware of the specific requirements for the following types of jurisdictions:   

1. EU and EEA member States / 'Adequate' third countries.
2. Rest of the world.

The specific rules that apply will depend on where you are proposing to send data. See more detailed guidance here: 
 

• The first update, ‘Guidance on International Data Transfers’ is a step-by-step guide to the things you need to think about before you transfer people’s data outside the Bailiwick.
• The second update is ‘Guidance and a self-assessment tool for Transfer Impact Assessments’ that contains a series of questions to help you make a self-assessment of the risk posed by a transfer of someone’s data outside of the Bailiwick of Guernsey.
• Finally, the third update is ‘The Bailiwick of Guernsey Addendum for the EU Commission’s Standard Contractual Clauses (SCCs)’ that is a legal document you can make restricted amendments to in order to protect people’s data by using it in conjunction with the EU Commission’s Standard Contractual Clauses.

Please note: The statutory mechanisms for transferring personal data under the Law Enforcement Ordinance differs to those offered by the Law. When processing personal data for a Law Enforcement purpose under the Law Enforcement Ordinance please consult sections 43 to 47 of the Ordinance. 

Questions?
We know that you may have questions about your specific circumstances. We would encourage you to discuss this issue with your data protection officer or legal advisor in the first instance, or you can Contact Us for further information.