Organisations

When you collect personal data from anyone, whether online or offline, you need to ensure that you provide detailed information about how their data is going to be handled. Data Processing and Privacy notices need to be clear and relevant.

Whether you are handling a small or large volume of data, you need to understand the steps that must be taken to ensure compliance.

The Law allows the ODPA to conduct data protection audits. All organisations who handle data should consider conducting their own internal audits at regular intervals.

Before you start to collect or use people's data, you need to identify and document a 'lawful processing condition' (or 'lawful basis') that you can rely on. Doing this is part of your obligation under the 'lawfulness, fairness & transparency' principle. 

You may be required to report a data breach to us. Find out about your responsibilities and how to put in place an effective breach response strategy for your organisations.

With cyber attacks on the rise and phishing attempts ever more sophisticated, here are some recommended actions you can take to keep your organisation’s data safe:

Properly supported DPOs can add a huge amount to any organisation’s compliance standards. For some organisations, there will be a legal requirement to have a DPO. Find out more about this important role here. If you are a DPO we would encourage you to browse our information hub.

4 items

Data Protection Impact Assessments (DPIAs) are an important compliance tool when you are embarking on new processing or making changes to existing processes. In some cases it will a legal requirement.

Data protection compliance will look different for different organisations and it does not lend itself well to a tick box approach. Templates should be used as part of a wider governance programme and will need to be adapted for your own organisation’s needs.

The ODPA Schools Outreach Programme forms part of our strategic plan, and statutory obligation to raise children’s awareness of their rights, and to understand their responsibilities to others.

Find information specific to your sector here, including tools to help raise awareness and engagement.

There are a number of specific areas in the Law that provide for the Authority to be consulted, give approval or accreditation in certain limited circumstances. Some of these areas will be developed further in the months and years ahead and if you have any questions, please do get in touch.

If you are based in the Bailiwick of Guernsey and use data about, or related to, people you need to be aware of legal issues surrounding transferring that data outside of the Bailiwick.

There are many exemptions and exceptions with the Law available to controllers/processors, below is a technical update on these and how they might be applied.