The Office of the Data Protection Authority (ODPA) has published its annual report for 2019 which details the highlights from the first full year of its activities under The Data Protection (Bailiwick of Guernsey) Law, 2017 which came into effect in May 2018.
The Authority has identified a number of key achievements, including taking steps towards full independence from the States of Guernsey, which ensures statutory duties can be carried out with the highest standards of integrity and accountability, along with project management and delivery of a self-funding model that is to be introduced in 2021.
Commenting on 2019’s activities, Emma Martins, the Bailiwick’s Data Protection Commissioner, said:
“We have seen evidence of a global awakening of the extraordinary scale and impact of personal data processing in this digital area and how it goes to the very core of who and what we are as human beings.
“At its heart, data protection is about protecting and empowering individuals and I am delighted that, despite some early challenges, the law in the Bailiwick is now working well. It is clear that data protection is starting to bed into everyone’s personal and professional lives, not just locally, but across the globe.
“Against the global backdrop of economic and political uncertainty, we want to ensure that the Bailiwick maintains a high-quality, stable and forward-looking regulatory environment which recognises that innovation and good governance are interdependent.”
The ODPA’s report highlights progress made towards its five strategic objectives:
- delivering its enhanced statutory duties;
- being a relevant, responsive and effective regulator;
- supporting organisations to meet their obligations and empowering individuals to exercise their rights;
- developing and maintaining effective relationships; and
- elevating discussions around the protection of personal data.
The Chair of the Data Protection Authority, Richard Thomas CBE commented on why data protection matters,
“Data Protection is actually People Protection. In the real world, where personal information has now become incredibly valuable, it protects people’s privacy and it protects them from a wide range of social and economic harms which threaten their well-being. Data protection equally protects organisations. There cannot be any organisation – private, public or voluntary sector – that does not handle personal information. Getting data protection right for their customers, clients, suppliers, patients, citizens and voters is simply a matter of self-interest.
Mr Thomas concluded,
“For the Bailiwick, there is a further reason why data protection matters. Soon, in accordance with the General Data Protection Regulation (GDPR), the European Commission will decide whether the Bailiwick should keep its ‘Adequacy’ status. Loss of that status, which permits the free flows of personal data which underpin the global digital economy, would be devastating for the financial services industry and other parts of the Bailiwick’s economy.
“Of course, the European Commission is scrutinising the 2017 Law to make sure that it closely mirrors GDPR’s provisions. But it is also required to make sure that Guernsey has a genuinely independent supervisory authority that can demonstrate effective functioning.”