The Bailiwick is, for the first time, participating in the Global Privacy Enforcement Network Privacy Sweep which takes place in September and October 2019.
The Global Privacy Enforcement Network (GPEN) was established to foster cross-border cooperation among privacy authorities. This, the seventh Sweep, will focus on how organisations in each jurisdiction are prepared for handling data breaches, their internal procedures and framework, how they respond and the processes in place for preventing future breaches.
Guernsey’s Office of the Data Protection Authority (ODPA) is one of 18 privacy enforcement authorities from around the world taking part. The ODPA is focusing solely on healthcare providers and has already contacted a select number locally to respond to GPEN’s set questionnaire.
ODPA Case and Compliance Investigator, Edward Chapman, is coordinating the Sweep locally.
‘The theme for this year is data breach notifications so this presents a great opportunity for the Bailiwick organisations we have contacted to be a part of this important, international project. I would like to assure everyone that their responses to the GPEN questionnaire are for information purposes rather than enforcement.’
Guernsey is one of a growing number of jurisdictions around the world where data breach reporting is mandatory. Other jurisdictions, such as New Zealand, Hong Kong and Singapore, are in the process of considering the feasibility of adopting a mandatory regime, or are in the process of doing so.
The Sweep is an opportunity for jurisdictions with mandatory data breach reporting regimes, such as the Bailiwick, to reflect on how their local organisations are performing compared to other parts of the world and identify trends which could guide future education and outreach.
The overall results of this year’s Sweep will be compiled and made public towards the end of 2019.
The ODPA have already contacted a small number of local healthcare providers to take part. It is not mandatory for these selected organisations to respond, and no other organisations are required to take part.
The Global Privacy Enforcement Network (GPEN) is a network of privacy enforcement authorities, of which the ODPA is a member.
More information: https://odpa.gg/gpen/