In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 16 February 2021
UPDATE (16 February 2021)
The Guernsey Financial Services Commission (GFSC) has updated its cyber security rules and guidance. Highlighting the fact that there is no ‘one size fits all’ approach when dealing with cyber risks, it offers practical guidance and information for licenced institutions.
Reference to the risks around information security and data privacy illustrate the increasing areas of common ground for regulators and the regulated. Whilst the legal framework and strategic aims of the GFSC differ in many ways from those of the ODPA, there are also key areas of mutual concern and interest.
As is increasingly the case in all sectors, data must now be recognised and treated as a key asset; worth looking after because it has value and also because it protects individuals from harm.
UPDATE (2 November 2020)
The ODPA has today responded to the GFSC consultation on cyber security issues and vulnerabilities.
The consultation highlights the importance of understanding and responding to technology risks, including data privacy, for the regulated community. It also illustrates the need to take an organisation-wide approach covering software, system updates, staff training and policies, all of which are vital in ensuring preparedness and mitigating risk.
Where organisations suffer a cyber incident, they may need to notify both the GFSC and the ODPA and we are keen to ensure our local business community is supported in delivering on their obligations. It is our hope that our two regulatory offices can continue to work effectively together to ensure as much clarity and assistance is provided where these reporting requirements apply.
All organisations need to engage with this issue and consider it a priority and we welcome the opportunity to comment and highlight this critical area of all business activity.