In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 26 February 2020
The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law)
Controller: The Policy and Resources Committee
1. The Data Protection Authority for the Bailiwick of Guernsey (the Authority) has determined that The Policy and Resources Committee (the controller) has breached section 12(3) of the Law.
2. The Authority finds that The Policy and Resources Committee, did not provide the data subjects participating in The Committee for Home Affairs Governance Review Report, titled ‘Meeting the challenge: towards better governance’, the schedule 3 information as required by the Law.
3. This led to four individuals lodging formal complaints about The Policy and Resources Committee to the Authority under section 67 of the Law.
4. The Authority finds that The Policy and Resources Committee did not provide the complainants with the information they had a right to be given, before or at the time, their personal data was collected as part of a review of committee governance.
5. The Authority is therefore satisfied that The Policy and Resources Committee failed to comply with section 12(3) relating to “Right to information for personal data collected from data subject”.
6. The Authority is clear that where organisations do not take their legal responsibilities to provide data subjects with such information as required by the Law, consideration will be given to the appropriate sanction including the issuing of a fine.
7. In this case, the Authority has identified the following mitigating factor –
– An early admission was made by The Policy and Resources Committee that they had failed to provide the data subjects with the schedule 3 information as required by the Law.
8. In this case, the Authority has also identified the following aggravating factor –
– A lack of co-operation by The Policy and Resources Committee as evidenced by its repeated failure to answer a question posed, leading to a significant delay in drawing the investigation to a conclusion.
9. Considering the above factors, the Authority has, by written notice to The Policy and Resources Committee, imposed a formal Reprimand.
(a) a reprimand,
(b) a warning that any proposed processing or other act or omission is likely to breach an operative provision, and
(c) an order under subsection (2) including an administrative fine.