Sponsored content
AS 2025 draws to a close, it feels like an appropriate moment to pause and reflect. Data protection has never been a static discipline, but this year marked a noticeable shift in pace, tone and expectation.
For organisations, regulators and practitioners alike, 2025 has been a year in which data protection has moved even further from theory into day-to-day operational reality.
From Propelfwd’s perspective, it has been one of our busiest and most rewarding years to date. We have seen growth not only in our team and client base, but also in the maturity of conversations organisations are now having about accountability, risk and trust.
One of the most significant developments in Jersey this year was the issuance of the first two financial penalties by the Jersey Office of the Information Commissioner. While enforcement has always existed as a possibility under the Data Protection (Jersey) Law 2018, the reality of monetary fines being imposed brought a clear message to the market: data protection is not optional, and governance failures will carry real consequences.
In both cases, the issues were not about obscure technical breaches but about fundamental failures in governance, oversight and basic compliance expectations. These were sobering reminders that good intentions are not enough without proper structure, documentation and leadership.
At the same time, 2025 has been a year of growth for Propelfwd itself. We expanded from a team of six to ten, bringing in new skills, perspectives and capacity. That growth has been driven entirely by demand. Organisations are no longer asking whether data protection matters; they are asking how to do it properly, sustainably and in a way that supports their operations rather than hinders them.
Over the course of the year, we supported clients with more than 60 Data Subject Access Requests and Freedom of Information requests. These ranged from straightforward employee requests to complex, high-volume exercises linked to disputes, historic records and sensitive subject matter. What has become increasingly clear is that data rights are now a normal part of organisational life. They are no longer rare or exceptional events, and the ability to handle them calmly, lawfully and proportionately is fast becoming a core operational skill.
We were also fortunate to welcome a number of new clients into the Propelfwd family in 2025. Working with organisations such as Moore Stephens, Jersey Opera House, the JSPCA, Caring Cooks and the BCR Group has reinforced something we see time and again: data protection challenges cut across all sectors. Whether you are a professional services firm, a cultural institution, a charity or a law firm, the underlying principles are the same. What changes is the context, the risk profile and the practical application.
Beyond Jersey, the wider data protection landscape has continued to evolve. The Data (Use and Access) Act 2025 has begun to reshape thinking in the UK, signalling a shift in emphasis towards data use, innovation and proportionality, while still anchoring itself in core rights and safeguards. At the same time, the rollout of the EU AI Act has added an entirely new dimension to compliance conversations, even for organisations not directly regulated by it.
Although Jersey is not subject to the EU AI Act, it would be a mistake to dismiss it as irrelevant. The act has quickly established itself as a global benchmark for the ethical and responsible use of artificial intelligence. Many Jersey organisations operate internationally, serve EU residents or simply want to align themselves with best practice. Increasingly, we are advising local organisations to treat the EU AI Act not as a distant regulation but as a useful framework for thinking about risk, transparency and accountability.
Artificial intelligence itself has been one of the defining themes of 2025. The conversation has moved rapidly from experimentation to implementation. AI is no longer confined to innovation teams or IT departments. We are seeing it used for meeting notes, recruitment screening, customer service, content creation, internal analytics and decision support. The pace of change has been extraordinary, with developments moving from generative AI to agentic systems that can act, decide and adapt with minimal human intervention.
With that pace comes increased risk. One of the consistent messages we have shared with clients this year is a simple one: slow down. This is not because AI is something to fear, but because the fundamentals of data protection still apply. Lawfulness, fairness, transparency, data minimisation, purpose limitation and accountability have not disappeared just because the technology is new.
At Propelfwd, we strongly recommend that organisations carry out Data Protection Impact Assessments before deploying AI tools that involve personal data. A DPIA is not a box-ticking exercise. It is a roadmap. It forces organisations to think clearly about what data is being used, why it is needed, how decisions are being made and what risks exist for individuals. In the rush to “get AI working”, DPIAs are often overlooked, but they remain one of the most effective tools for demonstrating accountability and building trust.
This year was also a personal milestone for me. After completing my LL.M dissertation last year, I felt a strong urge to continue writing, but this time not for an academic audience. That led to the publication of my book, Navigating Data Protection: A Straightforward Roadmap to Compliance.
The book is not a technical legal text and does not delve into case law or regulatory judgments. Instead, it reflects the journeys I see organisations – including SMEs, charities, sports clubs, shops and growing businesses – take every day, as they try to work out where to start. There is no such thing as perfect compliance, only progress, and the book is intended to help readers get on the right track in plain, accessible language. Seeing it reach readers through Amazon and bookshops has been both humbling and immensely rewarding.
Looking to 2026, there is much to be excited about. Propelfwd will be moving into new offices, with 2,000 square feet of space designed to support further growth and collaboration. Our training offering is also evolving. We are redesigning our courses to make them more role-specific and sector-focused, recognising that what HR needs from data protection training is very different from what frontline staff or senior leadership require.
We are starting the year with a three-day Data Protection Foundation and Practitioner course running from 21 to 23 January, and we would be delighted to speak to anyone interested in attending or arranging bespoke training for their organisation. Education remains one of the most powerful tools in building a culture of compliance, and we are committed to making it practical, engaging and relevant.
As we close out 2025, our gratitude goes to our existing clients for their continued trust, and to those who joined us this year. We are equally excited to welcome new organisations into the Propelfwd family in 2026. Data protection will continue to change, technology will continue to evolve and regulation will continue to respond but the core principles remain the same. Protect people, respect their data and build systems that deserve trust.
That is as true now as it will be in the years to come.
