The Bailiwick of Guernsey and Jersey have achieved the significant milestone of being confirmed by the European Union as having proportionate, robust and well-implemented privacy laws for islanders and businesses.
Achieving ‘EU data adequacy status’ confirms that both Bailiwick of Guernsey and Jersey are leading jurisdictions for safe and secure data.
It means that EU Member States and institutions view their legislative framework as ensuring an adequate level of protection – comparable to that of EU Member States – for the safe flow of data between them and the EU.
In its report regarding the functioning of adequacy decisions, the European Commission found that Jersey and Guernsey, (as well as Andorra, Argentina, Canada, Faroe Islands, the Isle of Man, Israel, New Zealand, Switzerland and Uruguay) continue to ensure an adequate level of protection for personal data transferred from the European Union within the scope of the General Data Protection Regulation (GDPR).
A negative outcome would have resulted in additional safeguards being required before data could be shared with EU Member States, as required by the EU’s General Data Protection Regulation (GDPR).
Therefore, achieving data adequacy is a significant achievement for Guernsey and Jersey as ‘third countries’ to the EU, which as part of the assessment process had to demonstrate how the higher data protection standards contained within the GDPR are met. The assessment process focussed on both the contents of legislation and practical implementation across the jurisdictions.
Deputy Rob Prow, President of the Committee for Home Affairs, which oversaw the process for the Bailiwick, said: “Our Committee is delighted to have been able to secure this significant achievement and I am very grateful for all of the work that has been undertaken by the public and private sectors in securing this data adequacy decision, led by the States of Guernsey’s Data Protection team in collaboration with St James’s Chambers. The importance of this outcome should not be understated, as it both allows our many businesses that work across the EU to continue sharing data seamlessly without any additional restrictions and reassures islanders that their personal data is protected in our robust, proportionate and well-implemented regime.”
Richard Thomas, Chairman of the Data Protection Authority, said: “The Adequacy decision is based on both the substance of the Bailiwick’s Data Protection Law and how it is enforced in practice. We can all be very proud that the independence and the effectiveness of Guernsey’s data protection regime has been recognised in this way.”
Jersey Information Commissioner Paul Vane said: “As Jersey is considered a ‘third country,’ this decision is of huge importance to Jersey and will provide significant comfort to local organisations who rely on transfers of personal data between Jersey and the EU to participate and survive in today’s global digital world.
“Having ‘adequacy status’ from the European Commission demonstrates that Jersey is considered to have a robust data protection regime that provides the highest level of data protection to individuals. But also, importantly for the business community, it means that personal data can continue to flow freely between Jersey and Europe whilst ensuring the data is protected to a high standard. It is now critical that we maintain those high standards to ensure the ongoing protection of our Islanders and local businesses alike so we are fully able to deal with the challenges that lie ahead arising from a rapidly changing digital and technological landscape.”