The changes are designed to give people greater control over their details and require data controllers and processors to protect and use people’s information appropriately.
As the EU’s General Data Protection Regulations will restrict the transfer of personal data to jurisdictions outside the EU unless they have adequate data laws, Chief Minister Ian Gorst said in the States last week that the new laws were ‘essential’ to show businesses that the Island observed best practice.
Under GDPR, firms could face fines of up to 20 million euros if they breach regulations, such as by holding too much information about their clients or losing data through cyber-attacks or leaks.
The States also approved a new independent Data Protection Authority to replace the Office of the Information Commissioner. The authority will have the power to impose administrative fines.
Senator Gorst said: ‘This will be a shift for the authority to one that proactively educates and investigates. It will strengthen Jersey’s reputation as having a well-regulated, business-friendly data protection regulation.
‘Data protection is a most important matter, not something that can be worried about later.’
The proposition stated that the annual running costs of the authority compared with the existing Office of the
Information Commissioner regulator would rise by an estimated £1.1 million, to £1.65 million per annum.
Both of the proposals were adopted unanimously.