ODPA publishes new Strategic Plan (2023-2026)

Published: 7 February 2023

The Office of the Data Protection Authority (ODPA) has published its Strategic Plan (2023-2026) which outlines its plan to deliver effective and independent data protection regulation for the Bailiwick of Guernsey.

The ODPA consulted the public on its future strategy back in May/June 2022 – and the results of this public consultation fed in to the plan’s development by the Commissioner and the ODPA’s Board Members (who are known collectively as ‘The Data Protection Authority’).  

The new Strategic Plan describes the ODPA’s purpose as protecting people by driving ‘responsible use of personal information’*  through: 
  • Helping organisations get it right;
  • Deterring harmful information handling;
  • Taking enforcement action against significant non-compliance. 
This will bring to life the object of the Data Protection Law – to protect people’s rights in relation to their information and provide for free movement of personal information. It will enhance the prosperity and well-being of the Bailiwick and its citizens. It will support the Bailiwick’s place on the international stage and assist the Islands to embrace and respond to technological and social change. The plan also details specific strategic actions the ODPA plan to take over the coming years in two key areas: education/support, and enforcement

Emma Martins, the Bailiwick’s Data Protection Commissioner, commented: 

“Data protection is an objective of a thriving democracy and successful economy, not an obstacle to it. In setting out our strategic direction, we want to demonstrate our commitment to doing all we can to build on and enhance the work already done. The plan’s publication is just the beginning, because strategy needs to be something that lives and breathes, not simply sits gathering dust on a shelf.”

Download the Strategic Plan (2023-2026) here and read alongside our specific work plan for 2023


*‘Responsible use of personal information’: 
The Data Protection Law has codified the responsible use of personal information through these seven principles:

1. Being clear about how personal information is used, for what purpose and on what legal 
basis (Lawfulness, Fairness and Transparency).
2. Using personal information only for specific, explicit and legitimate purposes (Purpose limitation).
3. Collecting no more information than is needed (Minimisation).
4. Making sure personal information is accurate and kept up to date (Accuracy).
5. Keeping information for no longer than necessary (Storage limitation).
6. Keeping information secure (Integrity & Confidentiality).
7. Being responsible and accountable for how personal information is used (Accountability)