The Office of the Data Protection Authority is the independent regulatory authority for the purposes of The Data Protection (Bailiwick of Guernsey) Law, 2017 and associated legislation.
Our Strategic Plan (2019-2022) explains in more detail our mission, vision and values as well as our strategic aims.
This Website has been designed to help businesses by providing a useful point of reference and guidance, as well as assisting individuals who wish to find out more about the rights available to them, and the ways in which the Commissioner can help.
Should you have any difficulty in obtaining the information you require on this Website, the Commissioner and her team will of course be happy to discuss any issues you may have with you in person.
Annual Report Jan 2017 – May 2018
Annual Report 2016
Annual Report 2015
Annual Report 2014
Annual Report 2012 – 2013
Annual Report 2011
Annual Report 2010
Annual Report 2009
Annual Report 2008
Annual Report 2007
Annual Report 2006
Annual Report 2005
Annual Report 2004
Annual Report 2003
Annual Report 2002
Annual Report 2001
Policy Statements / Strategy
Speaking Engagements (updated version coming soon)
Communicating Enforcement Activities (updated version coming soon)
Data Protection Regulatory Action Policy (updated version coming soon)
Policy Statement and Guidance on Complaint Handling (updated version coming soon)
Strategic Plan (2019-2022)
Functions of the Authority and ODPA
Administer and enforce law 61(1)(a)
Monitor and report 61(1)(b)(e)
Promote public awareness 61(1)(c)
Promote controller/processor awareness 61(1)(d)
Provide information to data subjects 61(1)(f)
Cooperate with supervisory authorities 61(1)(g)
Monitor developments 61(1)(h)
Encourage codes of conduct 61(1)(i)
Record alleged breaches 61(1)(j)
Issue opinions and guidance 63(1)(a)(b)
Issue public statements 64(2)
Develop international cooperation 65
Handle and investigate complaints 67, 68
Conduct inquiries 69
Make determinations – investigations 71
Make recommendations/determinations – inquiries 72
Sanctions following breach 73
Administrative fines 74
Maintain register of controllers/processors 39, Sch 4
Record personal data breaches 42(2)
Prior consultation – high risk processing 45(2)(4)
Prior consultation – high risk legislation 46(1)
Order controller/processor to provide information Sch 7, para 1
Obtain access to premises/material (warrants) Sch 7, para 2
Conduct audits Sch 7, para 9
Approve code of conduct 52
Accredit body to monitor compliance 53
Approve BCRs 55(2)(b)(i), 58
Authorise transfers 57(1)
The Data Protection Authority
The Law creates the independent Data Protection Authority which is tasked with the development and implementation of the new regulatory regime necessary to oversee the requirements of the Law. Comprising a Chair and between four and eight Members, the Authority provides governance to the Office of the Data Protection Authority (ODPA) and is responsible for operations within the ODPA.
|Richard Thomas CBE – Chairman (5 year term commencing May 2018)
Richard was the UK’s Information Commissioner from 2002 to 2009, responsible for enforcement of the Data Protection and Freedom of Information Acts. He was subsequently the Chairman of the Administrative Justice and Tribunals Council and served as a Member of the Committee on Standards in Public Life from 2012 to 2017. In January 2018, he was appointed by the UK’s Prime Minister to the Advisory Committee on Business Appointments.
|Simon Entwisle – voting member (5 year term commencing May 2018)
Simon retired from the UK Information Commissioner’s Office (ICO) in 2018 after 13 years’ service as a member of the ICO Management Board. He was originally the Chief Operating Officer and served as Deputy Commissioner and Deputy CEO, gaining vast experience of data protection. Simon has a clear analytical mind and the ability to understand and effectively communicate complex legislative issues to anyone.
|John Curran – voting member (5 year term commencing May 2018)
John Curran is a former Chief Executive of the Channel Islands Competition and Regulatory Authorities (CICRA) and currently sits on the Board of the Channel Islands Financial Ombudsman and as a non-voting Member on the States of Guernsey Transport Licensing Authority (TLA). John has experience acting within a regulatory model and proven experience in interpreting and applying complex legislation.
|Christopher Docksey – voting member (4 year term commencing May 2018)
Based in Brussels, Christopher has extensive experience in the field of data protection, having worked as Director of the Office of the European Data Protection Supervisor and before that as the Legal Adviser on data protection to the European Commission. He retired in 2018 as Honorary Director General of the EDPS and now teaches and writes extensively on data protection law.
|Mark Lempriere – voting member (4 year term commencing May 2018)
Mark is Guernsey-based and retired as the Chief Secretary to the Committee for Home Affairs in April 2018 where he was instrumental in the strategic development of Guernsey’s data protection legislation. Mark has considerable experience strategically and operationally in the development, compliance and practical enforcement of statutory regimes including the implementation of new legislation and change management.
|Jennifer Strachan – voting member (4 year term commencing May 2018)
Jennifer is based in Guernsey and is currently the Chief Executive of Startup Guernsey. During her career she has held numerous directorial positions involving regulations and compliance as well as with start-up businesses innovating in data management. She has been an adviser in the creation of policies such as the States of Guernsey’s Digital Strategy Framework. Jennifer has demonstrated effective board governance, has experience in strategic planning and development and is comfortable working with a regulatory framework. She has experience in identifying opportunities for improved working which will benefit business, the consumer and the community and is committed to delivering high quality, efficient and cost effective services.
Data Protection Authority – Register of Members’ Interests (last updated December 2018)
Office of the Data Protection Authority
The Data Protection Commissioner is Emma Martins who also assumes the role as Chief Executive for the Authority. The ODPA is the operational body that carries out the regulatory functions of the Law delegated by the Authority. These include recording data breaches, investigating complaints, running education programmes and examining proposed legislation and how it may affect individual privacy. The ODPA strives to empower individuals to exercise their rights as well as to support organisations to meet their compliance requirements and take action where they fall short.
Data Protection Commissioner
Emma Martins has been Data Protection Commissioner for the Bailiwick of Guernsey since 2012. At that time she was also Information Commissioner for Jersey when the Islands created a pan-Island regulatory office. Emma joined the Data Protection Office in Jersey in 2002 in the post of Deputy Registrar and was successful in her application for the position of Registrar in 2006. After the decision was made to separate the offices again in 2017, Emma remained in her post for Guernsey and left the Jersey role in early 2018. Emma started her career in the civil service having gained a degree in Social Science and Politics. Her role as Support Manager for the States of Jersey Police introduced her to data protection many years ago and she has committed herself to the field ever since. The Data Protection Commissioner is a statutory role, is an ex-officio, non-voting member of the Data Protection Authority and acts as the chief executive of that Authority with responsibility for day-to-day operations.
Deputy Data Protection Commissioner
Rachel joined the ODPA in June 2013. She deputises for and supports the Data Protection Commissioner. Her role as Deputy Data Protection Commissioner includes investigation and resolution of complaints and the provision of advice and guidance to organisations and members of the public. Her role on the ODPA’s senior management team includes contributing to strategic planning, development and governance. Rachel is also the data protection officer for the ODPA. Rachel began her career in the civil service in 1996 and worked for a number of States departments, in a range of different roles. Following a brief foray into financial services, Rachel returned to public service, spending eight and a half years at Guernsey Police as their data protection officer, immediately prior to joining the ODPA. During this time, she gained the ISEB Certificate in Data Protection and invaluable hands-on experience of dealing with data protection issues ‘at the coalface’. In July 2018 Rachel completed a LLM Information Rights Law and Practice, her research paper Leaving the EU: the data protection implications of a ‘Hard Brexit’ for UK businesses with EU data flows and clients has been published on IAPP’s website.
Chief Operating Officer
Tim joined the ODPA in February 2018, and until July 2018 he held the role of Project Manager responsible for coordinating the various elements (funding, infrastructure, novation, resourcing etc.) necessary to establish the Data Protection Authority as an independent regulator from 25 May 2018. Taking up the role of interim COO in August 2018 sees Tim gain responsibility for developing and maintaining the ODPA’s operational framework. As part of the senior management team he also supports the commissioners in matters of strategy, governance and effective regulation. Tim began his career as an electro-mechanical design engineer, before moving into financial services with Credit Suisse in the early 1990s. From 2000 he ran his own consultancy firm until 2008, when he sold up and took on the role of Head of Business Development for Generali International. From May 2010, he also became the Country Head of Innovation for the Generali group entities based in the Channel Islands and Ireland. In 2012, Tim became the Chief Transformation Officer/Director for the Guernsey Financial Services Commission and led the 4 year programme to research and introduce Risk-Based Supervision. During this time he was also the head of the Risk Unit and ultimately became Chief Risk Officer. He left the GFSC in early 2016 to take up the position of Director of Income Tax (Transformation) for 2 years prior to moving back into regulation.
|Lesley Le Bailly
Lesley joined the ODPA in January 2018 with the main responsibility of investigating data protection complaints. She is ICSA qualified and was Head of Governance at the Department for Education, Sport and Culture, Jersey for a number of years. During this time she presented at the Data Protection Registrar’s 2005 Law launch conference and gained the ISEB certificate in Data Protection. In early 2014, in advance of the Freedom of Information (Jersey) Law 2011 coming into force, she was seconded to the Chief Minister’s Department as Freedom of Information Manager. Lesley retired from the States in 2016 then spent a year working for the Office of the Information Commissioner, based in Jersey but working in Guernsey as required.
Operations & Compliance Manager
Lawrence joined the ODPA in February 2017 and gained the PDP Practitioner Certificate in Data Protection after a period of study and examination in late 2017 – passing with one of the highest grades in the UK. His current responsibilities include regulatory compliance, casework advice and support. Lawrence began his career at the Island Archives after finishing his A levels at the Guernsey Grammar School. He spent nearly six years at the Island Archives where one of his duties was to fulfil the Data Guardian role. Lawrence primarily worked within the records management function of the Island Archives, developing data protection practice within the organisation and coordinating the archiving, access and eventual deletion of government records spread across two secure facilities.
Mike joined the ODPA in June 2018 as the Office Manager. He is responsible for the day to day management of the office, including maintaining the Data Protection Register, providing guidance regarding the Law, overseeing financials and maintaining filing systems. Mike’s enjoyed a diverse career before joining us. He spent 20 years serving as a prison officer locally. In the latter years of that role he was a senior officer, and part of a small team tasked with setting up and managing the new Offender Management Unit together. In 2010, Mike joined the States of Guernsey’s Health and Social Care Department to manage the then Mental Health Law. This included research in to the operational requirements of the law and input in to the new Code of Practice in relation to the new Mental Health Law and Tribunal arrangements. In 2011, he took up the role of Deputy Manager, and then Manager, of HSC’s Purchasing Department. This then led onto a new role of Initiatives Development Manager leading on vendor negotiations for high value contracts and procurements for the hospital, specifically targeting efficiency savings for HSC.
Chief Communications Officer
Leanne joined the ODPA in June 2018, to oversee the ODPA’s internal and external communications activities. She is responsible for developing and implementing our communications strategy, collaborating with local media, creating content for our website/social media, safeguarding our reputation, and nurturing our culture of effective communication. Following completion of an MSc Science Communication, Leanne started her career in London’s TV facilities industry as a camera assistant with aspirations of becoming a scientific documentary producer. After being tempted back into science, she then spent several years working in the UK government’s National Physical Laboratory in-house communications team as a knowledge-transfer specialist and technical writer. Following a short career break to have children and move back to Guernsey, she freelanced as a consultant for UK-based scientific organisations, helping them to benefit from clear communication of technical information.