Published: 26 February 2020
The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law)
Controller: The Policy and Resources Committee
1. The Data Protection Authority for the Bailiwick of Guernsey (the Authority) has determined that The Policy and Resources Committee (the controller) has breached section 12(3) of the Law.
2. The Authority finds that The Policy and Resources Committee, did not provide the data subjects participating in The Committee for Home Affairs Governance Review Report, titled ‘Meeting the challenge: towards better governance’, the schedule 3 information as required by the Law.
3. This led to four individuals lodging formal complaints about The Policy and Resources Committee to the Authority under section 67 of the Law.
4. The Authority finds that The Policy and Resources Committee did not provide the complainants with the information they had a right to be given, before or at the time, their personal data was collected as part of a review of committee governance.
5. The Authority is therefore satisfied that The Policy and Resources Committee failed to comply with section 12(3) relating to “Right to information for personal data collected from data subject”.
6. The Authority is clear that where organisations do not take their legal responsibilities to provide data subjects with such information as required by the Law, consideration will be given to the appropriate sanction including the issuing of a fine.
7. In this case, the Authority has identified the following mitigating factor –
– An early admission was made by The Policy and Resources Committee that they had failed to provide the data subjects with the schedule 3 information as required by the Law.
8. In this case, the Authority has also identified the following aggravating factor –
– A lack of co-operation by The Policy and Resources Committee as evidenced by its repeated failure to answer a question posed, leading to a significant delay in drawing the investigation to a conclusion.
9. Considering the above factors, the Authority has, by written notice to The Policy and Resources Committee, imposed a formal Reprimand.
Legal Framework
(a) a reprimand,
(b) a warning that any proposed processing or other act or omission is likely to breach an operative provision, and
(c) an order under subsection (2) including an administrative fine.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by & Indulge
© 2024 The Office of the Data Protection Authority.