data protection & the gdpr - … · chambers . topics •background & data protection...
TRANSCRIPT
DATA PROTECTION & THE GDPR:
What does it mean for Jersey?
Advocate Vicky Milner
08.03.17
www.callingtonchambers.com
CALLINGTON CHAMBERS
Topics
• Background & data protection essentials
• General Data Protection Regulation
• Opportunities & action points
• Questions
CALLINGTON CHAMBERS
“Either we own political technologies or
they will own us.”
George Monbiot, The Guardian, 06.03.17
CALLINGTON CHAMBERS
Bet they don’t think
it’s boring…
• Ashley Madison
• TalkTalk
• AdultFriendFinder
CALLINGTON CHAMBERS
European Convention
on Human Rights (“Convention”)
• 1953: Convention brought into force by Council
of Europe, following end of WWII and in
response to growth of communism
CALLINGTON CHAMBERS
Article 8: Right to respect
for private and family life
1. Everyone has the right to respect for private
and family life, home and correspondence.
2. There shall be no interference by a public
authority with the exercise of this right…
Save in accordance with the law
CALLINGTON CHAMBERS
Data protection law
• Rights of individuals re their personal
information (“personal data”) held, stored or
processed by another
• Inc information about religious and political
beliefs, health and criminal convictions
(“sensitive personal data”)
• Limits on transfers of data to other jurisdictions,
which must provide an “adequate level of
protection”
CALLINGTON CHAMBERS
Data protection law
Those responsible must ensure that data is:
• used fairly and lawfully, for specific stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate and kept for no longer than is absolutely necessary
• kept safe and secure
• not transferred outside EEA without adequate protection
CALLINGTON CHAMBERS
Data protection law
in Jersey
• Legislation in place since 1987
• Current law: the Data Protection (Jersey) Law
2005
• Adequacy:
“The Commission has…recognized Andorra,
Argentina, Canada (commercial organisations),
Faeroe Islands, Guernsey, Israel, Isle of Man,
Jersey, New Zealand, Switzerland and Uruguay as
providing adequate protection.”
CALLINGTON CHAMBERS
General data protection
regulation (“GDPR”)
Updated legislation
harmonise data protection law across the EU
allow the digital economy to develop across the
single market
put individuals in control of their own data
greater legal certainty
right to request rectification/erasure
CALLINGTON CHAMBERS
GDPR compliance
(1) Maintaining “adequacy”
(2) Far-reaching geographical scope of GDPR
(“extra-territorial effect”)
CALLINGTON CHAMBERS
GDPR and Jersey
GDPR applies to:
• Activities of an establishment in the EU
– wherever the processing actually takes place
• Processing of EU data subjects by an entity:
– Offering goods or services within the EU; or
– Monitoring behaviour within the EU
Jersey to introduce its new law in 2018
CALLINGTON CHAMBERS
Main changes inc:
• Controllers and processors
• Record keeping
• Co-operation with regulator
• Notification
• Data Protection Officer (“DPO”)
Why should you care?
• Regulation
– Local legislation likely to echo the GDPR
• Managing risk
• Opportunities
Penalties
• Two-tier approach envisaged in the GDPR
o 2% of global annual turnover (for
undertakings) or €10m
o 4% of global annual turnover for the
preceding year (for undertakings) or €20m.
• Direct penalties under new Jersey law: under
review; details TBC
CALLINGTON CHAMBERS
Opportunities CALLINGTON CHAMBERS
• New technology and systems (“privacy by
design”)
• Differentiating businesses and Jersey from
competitors
• New services/Data Protection Officer (DPO)
Action points CALLINGTON CHAMBERS
Take responsibility
Review policies and procedures
Inform
Audit
Get ready for 2018; designate a DPO
Educate
https://ico.org.uk/
Contact us CALLINGTON CHAMBERS
Advocates Vicky Milner & Davida Blackmore
Callington Chambers
T: (00 44) 1534 510250
W: www.callingtonchambers.com
Follow us on Twitter: www.twitter.com/callington_law