If you are based in the Bailiwick of Guernsey and process data about, or related to, people you need to be aware of your legal obligations under the Data Protection (Bailiwick of Guernsey) Law, 2017 including if you are considering transferring any data outside of the Bailiwick.
What is a ‘data transfer’?
A ‘data transfer’ occurs when you send people’s data outside of the Bailiwick, for example by using online products or services such as Mailchimp (US-based) to send your subscribers a newsletter, or communicating with your customers via your organisation’s Facebook page, or employing a company in another jurisdiction to provide customer services.
'Data transfer' or 'data sharing'?
‘Data transfers’ and ‘data sharing’ are different things. Data transfers are related to geographical location of data, how it is given and moved around. Data sharing commonly relates to an organisation giving a third party access to data or otherwise making personal data available to them.
Data transfers outside of the Bailiwick
If you are considering transferring personal data out of the Bailiwick, you need to be aware of the specific requirements for the following types of jurisdictions:
EU and EEA member States / 'Adequate' third countries.
Rest of the world.
The specific rules that apply will depend on where you are proposing to send data. See more detailed guidance here:
We know that you may have questions about your specific circumstances. We would encourage you to discuss this issue with your data protection officer or legal advisor in the first instance, or you can Contact Us for further information.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance