Transferring people’s data outside the Bailiwick

If you are based in the Bailiwick of Guernsey and process data about, or related to, people you need to be aware of your legal obligations under the Data Protection (Bailiwick of Guernsey) Law, 2017 including if you are considering transferring any data outside of the Bailiwick.
What is a ‘data transfer’? 
A ‘data transfer’ occurs when you send people’s data outside of the Bailiwick, for example by using online products or services such as Mailchimp (US-based) to send your subscribers a newsletter, or communicating with your customers via your organisation’s Facebook page, or employing a company in another jurisdiction to provide customer services.

'Data transfer' or 'data sharing'? 
‘Data transfers’ and ‘data sharing’ are different things. Data transfers are related to geographical location of data, how it is given and moved around. Data sharing commonly relates to an organisation giving a third party access to data or otherwise making personal data available to them.  

Data transfers outside of the Bailiwick 
If you are considering transferring personal data out of the Bailiwick, you need to be aware of the specific requirements for the following types of jurisdictions:   
  1. EU and EEA member States / 'Adequate' third countries.
  2. Rest of the world.
The specific rules that apply will depend on where you are proposing to send data. See more detailed guidance here: 
  Please note: The statutory mechanisms for transferring personal data under the Law Enforcement Ordinance differs to those offered by the Law. When processing personal data for a Law Enforcement purpose under the Law Enforcement Ordinance please consult sections 43 to 47 of the Ordinance

Questions?
We know that you may have questions about your specific circumstances. We would encourage you to discuss this issue with your data protection officer or legal advisor in the first instance, or you can Contact Us for further information.