In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
If you use personal data in your work you are legally obliged to register here during 1 Jan - 28 Feb.
More details at odpa.gg/2021.
Published: 2 September 2020
The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law)
Public Statement
Issued: 09:00 2 September 2020
Controller: Sure (Guernsey) Limited
1. This is a public statement made by the Data Protection Authority (the Authority) under section 64 of The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law).
2. The Law seeks to ‘…protect the rights of individuals in relation to their personal data, and provide for the free movement of personal data…’, and the Authority is the independent regulatory body responsible for overseeing it.
3. Following an inquiry conducted under section 69 of the Law, the Authority determined that Sure (Guernsey) Limited breached the Law in relation to its collation and publication of The Bailiwick of Guernsey Telephone Directory 2019/2020.
4. The Authority has fined Sure (Guernsey) Limited £80,000 for a lack of transparency as to how personal data was to be processed and for publishing personal data which contained inaccuracies and in some cases was contrary to subscribers’ wishes.
5. Sure (Guernsey) Limited has the right to appeal this fine.
6. The Authority confirmed that the Law requires all fine monies to be paid to the States of Guernsey’s general revenue account.
7. Chairman of the Authority, Richard Thomas CBE, commented:
“This is the first fine that the Data Protection Authority has imposed under the new Law. It was unanimously agreed by all members of the Authority. Although this fine is substantially lower than the maximum which the Law permits, we hope it will bring home the importance of taking great care with people’s personal information.”
8. The Bailiwick’s Data Protection Commissioner, Emma Martins, commented:
“The data protection law provides organisations with a range of accountability tools to ensure appropriate technical and organisational measures are in place including being prepared to deal swiftly and effectively with any breach. In taking this action, the Authority has responded appropriately and proportionately to the evidenced compliance failures. We welcome the positive steps Sure have taken since this incident to ensure better data governance of the personal data in their care.”
For more information please refer to the administrative fine order.
Legal Framework
1. This is a public statement made by the Data Protection Authority (the Authority) under section 64 of The Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law).
2. The Authority may conduct an Inquiry on its own initiative (under section 69 of the Law) into whether a controller or processor has breached or is likely to breach an operative provision of the Law.
3. In this case, the controller is Sure (Guernsey) Limited.
4. Section 72 of the Law requires the Authority to determine whether or not there has been a breach of an operative provision of the Law.
5. Section 73 of the Law sets out the sanctions that are available to the Authority where a breach determination has been made.
6. Having considered the details of this case, the Authority has imposed an administrative fine order under section 73(2)(g) and 74 of the Law.
7. Section 84 of the Law provides for an appeal by the controller to the Court against a determination made by the Authority. Any such appeal must be made within 28 days.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace innovation.
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletter sign-up Privacy Notice Careers Cookies
Website by
&
Indulge
© 2021 The Office of the Data Protection Authority.