GUIDANCE ON REGISTRATION

If you are new to this, please do not worry. We have produced a range of resources to help you:
Please read the resources below and contact us if you need any clarification. 

Our regulated community* is incredibly diverse: anyone who is working with data about people is 'captured' by the local data protection law. So we have tried our best to keep our guidance as broad as possible, and as relevant as possible. 
 

* this includes entities like: landlords, taxi drivers, sports' clubs, builders, residents' associations, charities, schools, small businesses, government, to large multinational organisations (in short: anyone who works with personal data). 

Please note:
If you are brand new to all this you may find it helpful to keep this page open in a separate browser window in case you need to refer to it whilst you are in the Registrations Portal

 

  • If you want a detailed overview with all the key questions answered, please read this guide carefully and contact us if you have any follow up questions. 

    Here is a step-by-step video walkthrough of how to complete a new registration with us. 

  • Registration with us changed at the start of 2021, what is it all about and what does it mean for you?
    Listen to this podcast (recorded in late 2019) to hear the Bailiwick of Guernsey’s Data Protection Commissioner Emma Martins explain to Kirsty Bougourd the main changes to registration and how it’s really just the first step in a journey towards looking after personal data well.

  • Watch this step-by-step video of how to complete a new registration - it will guide you through some areas you may not be familiar with. 
  • Controller: any entity* who is responsible for the decisions made about why and how they use personal data about staff, customers, suppliers, or any other people. Note: if you are an individual employee of a organisation you would be usually considered to be part of the controller. 

    Processor: any entity* that is given the task of processing personal data by a controller. Processors do not determine the nature or the means of the processing, they just do what the controller tells them to do. If you are part of such an arrangement you need to have in place a Controller/Processor agreement. 

    * in either case, this entity would normally be an organisation, but it could be a specific human being (e.g. sole traders, landlords, elected officials etc).

    Note: you could be both
    It is not always straightforward to determine whether you are a controller or processor. For some processing you may be the controller (e.g. handling your own staff records), but you may be a processor for other processing (e.g. when another organisation instructs you to perform a task) – it all depends on who is making the decisions about how any given data is used.

    For a fuller explanation please see Question 9 in this Guide, or listen to this short podcast (14 mins).  

  • You are ‘established’ in the Bailiwick of Guernsey if you are a controller, processor or other person (including legal person) that: 

    • is a Guernsey person, Alderney person or Sark person,
    • maintains in the Bailiwick: 
      (i) an office, branch or agency through which the person carries on an activity, or
      (ii) a regular practice,
    • causes or permits any processing equipment in the Bailiwick to be used for processing personal data otherwise than for the purposes of transit through the Bailiwick, or
    • is engaging in effective and real processing activities through stable arrangements in the Bailiwick
       
    Please read this guidance document to help determine whether you are ‘established’ in the Bailiwick of Guernsey for the purposes of the Law, and therefore if you have to register or not. 

  • This depends on whether you are working with people's data, please see our 'I don't think I need to register' page for further details

  • If you only have data for your own personal use, for things such as sending Christmas cards or taking pictures for your own enjoyment, the Law does not apply to your processing. 

    If you are uncertain about whether your processing falls within this personal/household definition, we have published this short guidance note with some criteria which may assist you in working out whether you are exempt. 

  • These are organisations registered with and/or regulated by the Guernsey Financial Services Commission (GFSC) who are authorised to declare, and pay the levies for, other controllers or processors.

    To find out more about paying your fee via an LCA (or becoming one yourself) please read this guidance document.

    If you are an established LCA and you just need a template Certificate of Exemption on its own you can find one here - please ensure you have read and understood the LCA guidance document before using this template.

  • This will depend on your specific circumstances, but to help you the Guernsey Investment & Funds Association (GIFA) produced this guidance note.

  • It depends on each administered entity's status, please refer to this detailed guidance note in the first instance. 
     

  • It depends on each administered entity's status, please refer to this guidance note, produced by the Guernsey Association of Trustees in the first instance. 

  • Your registration fee allows the ODPA to fulfil its legal and political requirements to operate independently of the States of Guernsey. 

    Ensuring our jurisdiction has a properly resourced and effective data protection regulator supports islanders’ rights, supports businesses to handle data properly and serves to underpin the Bailiwick’s digital strategy. On a practical level this means you benefit from free advice and guidance on matters related to the protection of people's data via:  
     

  • Transferring your registration to someone else is very straightforward, please watch this 145 second video which walks you through the steps. 

  • For reference, please see the definition within Schedule 1D of The Data Protection (General Provisions) (Bailiwick of Guernsey) Regulations, as follows:

    "Full time employee can mean either:

    a) an employee who works or who under a contract of service is required to work for the employer 27 hours or more per week, or

    b) a number of employees who do not individually fall within subparagraph (a) but who collectively work or who collectively under their contracts of service are required to work for the employer, 27 hours or more per week in the aggregate

    2. An individual who works or who under his contract of service is required to work for an employer is to be regarded as an employee of the employer whether the contract of service the individual has entered into or works under was made with the employer or, where the employer is a company, with an associated company of the employer.

    3. For the avoidance of doubt –

    (a) the hours worked by an employee includes any hours worked wholly or mainly outside the Bailiwick of Guernsey,

    (b) a director of the employer in his capacity as director is not to be regarded as a full time employee of that employer unless the director is, in that capacity, an employee within the meaning of paragraph 1 of this schedule."

    Please note: In respect of a non-Bailiwick entity which maintains a branch or regular practice in the Bailiwick without separate legal personality, the registration fee to be paid would be determined by the total number of FTE employees of the entity, regardless of their location not only those who may be located in the Bailiwick.

    Please note: In respect of an entity that is established in the Bailiwick who employs FTE employees internationally the registration fee to be paid will be determined by the total number of FTE employees of the entity, regardless of their location not only those who may be located in the Bailiwick.