The Office of the Data Protection Authority (ODPA) has published three new updates to help protect people’s data when it is transferred outside of the Bailiwick of Guernsey.
A ‘data transfer’ occurs when you send people’s data outside of the Bailiwick, for example by using online products or services such as Mailchimp (US-based) to send your subscribers a newsletter, or communicating with your customers via your organisation’s Facebook page, or employing a company in another jurisdiction to provide customer services.
The Bailiwick has high standards of protection of people’s data, thanks to the local data protection law which is considered essentially equivalent to the European Union’s data protection legislation. However, many jurisdictions around the world do not offer the same legal protections. This mismatch of legal protections means that anyone working with people’s data in the Bailiwick must take special care whenever they transfer that data to areas of the world where there is less protection.
The updated guidance and resources published by the ODPA has been produced to help local organisations and businesses navigate the very complex legal landscape around data transfers:
The Bailiwick’s Data Protection Commissioner, Emma Martins, commented on the updates,
Find out more about transferring people's data outside the Bailiwick
“It’s important to recognise that the legal landscape around data transfers is incredibly fast-moving, and can be complex. The first step is always to understand what data you have and where that data are located. It is essential for all organisations to understand the risks as well as the opportunities around data transfers. We must all be proactive in ensuring people’s data continues to be looked after if it leaves the Bailiwick. The people whose data it is retain their legal rights over it, and your organisation remains responsible for ensuring it is protected.”