• Data Protection qualifications for six States of Jersey staff members

    Five States of Jersey employees, along with a member of staff from Ports of Jersey, have recently passed the Practitioner Certificate in Data Protection qualification, which means they are now fully up-to-date with the requirements of the European Data Protection Directive and the Data Protection (Jersey) Law 2005.

    Julie Hinault (Taxes Office), Karen Wellman (Social Security), Andy Cousins (States of Jersey Police), Tracey Fullerton (Health and Social Services), Susie Gomes (Economic Development, Tourism, Sport and Culture) and Claire Brown (Ports of Jersey) had to complete five days of training and pass an exam to qualify.

    The Practitioner Certificate (PC.dp) is the practical qualification for those who work in the fields of data protection and privacy. Those holding the qualification will be instrumental in the practical implementation of the new General Data Protection Regulation (GDPR) which comes into force on 25 May 2018.

    Governance Officer for Social Security, Karen Wellman, said, “It has been a good experience to spend time with colleagues from different departments working in this area, so as well as now being formally qualified, I have also gained a good network of likeminded people with whom I can liaise. I would recommend the course, and with the introduction of GDPR, think that this is important to ensure confidence with compliance in this very important area for all businesses.

    The Commissioner extends her congratulations to all of them, who join Colin Renouf from States of Jersey Police and Mel Pardoe from Education, who already hold this qualification.

    Read more >
  • Personal data vulnerable to cyber attack

    The annual assessment of the biggest cyber threats to UK businesses has been published today, after being produced jointly for the first time by the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and industry partners from multiple sectors.

    The report emphasises the need for increased collaboration between industry, government and law enforcement in the face of a growing and fast-changing threat, and discusses the trend of criminals imitating the way suspected nation state actors attack organisations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.

    The report notes the cyber security challenges faced by businesses, and urges them to report all cyber crime to ensure the UK has an accurate intelligence picture and highlights the resources available to companies of all sizes, particularly the large firms which often present the most attractive targets for attackers.

    The report will be presented at the NCSC’s Cyber UK Conference in Liverpool, today (14 March). For further details and to see the full report, click here.

    Read more >
  • Channel Island delegation updates European Commission on its commitment to new data protection regime

    THE European Commission has pledged to further strengthen relations with Jersey and Guernsey on data privacy and protection.

    The islands are among the small group of non-EU countries that are the subject of an ‘adequacy decision’ by the Commission, which is an official certification that the islands meet essentially equivalent data protection standards to those applying in the EU.

    At a recent meeting in Brussels, a pan-Channel Island delegation updated the Commission on legislative, regulatory and policy developments since our original adequacy decisions were adopted and explained the efforts being made in both Bailiwicks to implement the GDPR and the new directive.

    ‘Much work has been done in recent months across the Channel Islands to ensure we are strongly positioned to respond to the impending reform of data protection regulation. The visit by representatives of the islands and this office was a significant step for us all,’ said Emma Martins, Jersey’s Information Commissioner.

    ‘Maintaining the islands’ reputation as a well-regulated jurisdiction, in respect of data protection, is more important than ever. Ensuring the Channel Islands provide a robust framework of protection for personal data is vital not only for established businesses, as when done well it is also fundamental for economic growth and innovation in this digital era.

    ‘I am delighted that both the States of Jersey and the States of Guernsey have committed to high quality legislative reform for the islands and my team and I are equally committed to delivering a meaningful and effective regulatory regime.’

    In May 2018 a new data protection regime will come into force in the EU – the General Data Protection Regulation (GDPR) together with the Law Enforcement Directive, which applies a similar regime to exchanges of personal data between law enforcement authorities. Jersey and Guernsey have committed to implementing into domestic law, by May 2018, essentially equivalent provisions to the GDPR and the new Law Enforcement Directive.

    Senator Paul Routier, assistant minister, Chief Ministers Department, Jersey, added: ‘Ensuring that we are ready for the EU’s new data protection regime next year is important for Jersey’s continued access to European markets. I was therefore pleased that officials were able to update the Commission on the good progress that is being made in Jersey and Guernsey to implement this new regime, and I was particularly encouraged to learn that the Commission is committed to ensuring the continuity of the Islands’ adequacy findings in respect of data protection.

    ‘This project is an excellent example of pan-Island cooperation and I will be supporting efforts to further strengthen our relations in the area of data privacy and data protection.’

    Read more >
  • Sir Tim Berners-Lee: “We’ve lost control of our personal data”.

    As the world wide web celebrates it’s 28th birthday, founder and web inventor Sir Tim Berners-Lee explains how the internet has developed, and voices his concerns about recent trends that he believes need to be tackled immediately for the internet to fulfil its true potential.

    One of those concerns is the loss of control of our personal data, and how many consumers seem happy to give away their personal information in exchange for services without realising that their information will be shared with other companies. In his open letter on his Web Foundation website, Mr Berners-Lee makes some suggestions as to how we can regain some of that control.

    Click here to see the full letter.


    Read more >
  • Governments urged to be more proactive about making information public

    TRANSPARENCY and open government is more important than ever in what has been called a ‘post truth’ age of information rights.

    At a recent meeting for national and regional Freedom of Information Commissioners and Ombudsmen held in Berlin, delegates – including Emma Martins, head of the Channel Island Data Protection regulator – were told about the importance of government being more proactive about making information public.

    Much of the discussion during the meeting centred on government taking the initiative and being more proactive about making information public. Graham Smith from the EU Ombudsman talked about the work of his office in encouraging wider access and the easier exercising of rights together with the promotion of good administrative practices, where decisions are taken as openly and as close to the citizen as possible.

    Attending in her capacity as Jersey’s Information Commissioner charged with regulation of the Freedom of Information (Jersey) Law 2011, Mrs Martins said: ‘Openness contributes to the strengthening of principles of democracy and respect for fundamental rights, and the right of access to documents is only one small part of accountability and showing transparency.

    ‘Many jurisdictions across Europe have adopted Freedom of Information legislation, with Jersey implementing its own Law in 2015. The Bailiwick of Guernsey does not have legislation in place, however, does have a code of practice for access to government information, underpinned by the core principles of a presumption of disclosure; a corporate approach; a culture of openness; proactive publication; and effective records management.

    ‘The overarching message arising from the meeting was that a strong information access regime can only be fully effective if supported by mediators acting between the state and its citizens, and in a resolution agreed by the participants, governments have been called upon to enforce freedom of information and strengthen those charged with oversight of those laws.’

    The Berlin meeting was the first of this group with the main purpose being to provide a forum for international cooperation between regulatory authorities and Ombudsmen across Europe and the Crown Dependencies.

    The full resolution can be found by clicking on the link below. For further information, please contact the Office of the Information Commissioner at

    2017 Resolution

    Read more >
  • Law drafting instructions for new legislation and repeal of Data Protection (Jersey) Law 2005

    The Assistant Chief Minister has approved instructions to the Law Draftsman to repeal the Data Protection (Jersey) Law 2005 and to prepare a new legislation that will replace it and set out the new powers, functions and funding arrangements for the regulator.

    The full ministerial decision can be found by clicking the link below:

    Read more >
  • The Office of the Information Commissioner (OIC) welcomes Jersey’s new Cyber Security Strategy

    With data at the heart of so much economic and social activity in the Island, the security of that data is vitally important in both a professional and personal capacity.

    The major reform of data protection legislation due in early 2018 is, to a significant degree, prompted by the new risks posed to individuals in this digital era.  If Jersey is to respond to those risks, an effective and responsive cyber security strategy is an essential element of data protection and must form part of the broader Island data strategy.

    ‘Whilst it is important for all of us to be aware of the risks, government has a major role to play in ensuring there is a robust policy and a legal and technical framework underpinning digital activity,’ said information commissioner Emma Martins.

    ‘We have seen high profile security breaches in recent years and it is a problem that is only going to increase. Not only do breaches pose very real risks to individuals whose data have been compromised, it also affects the reputation of the organisation and the jurisdiction where the organisation is based. This is why it is so important for government and business to work together and the OIC welcomes the Cyber Security strategy report and consultation.

    ‘For a jurisdiction to benefit from the huge opportunities the digital era presents for government, business and individuals, we need to ensure we have the tools to respond. This is no longer the sole domain of just IT staff.  Digital security is the responsibility of us all, and needs engagement at every level of society so I would urge Islanders to respond, both in a personal and professional capacity. Data security must now be on every board agenda, risk register and education programme,’ added Mrs Martins.

    The States of Jersey’s consultation paper can be found at

    Read more >
  • Data Protection Reform highlighted as key priority for States of Jersey in new Digital Policy Framework

    The States of Jersey have published their Digital Policy Framework; a document that outlines the six core long-term objectives that will determine the approach to digital policy for the next decade.

    Data Protection is one of those core objectives and the document outlines their aims underpinned by principles covering how policy will be developed to achieve these aims.

    More detail can be found at the the Digital Policy Framework webpage.

    Read more >
  • Data Protection Day: Businesses urged to prepare for major overhaul of data protection law due in 2018

    As part of International Data Protection Day on 28th January, the Office of the Information Commissioner and Data Protection Commissioner is calling on all businesses in the Channel Islands to ensure they make themselves aware of impending legislative changes that will have significant ramifications for the way that they handle all personal data.

    When it comes into force across the European Union (EU) from May 2018, the General Data Protection Regulation (GDPR) aims to strengthen data protection rights for individuals and harmonise compliance requirements for businesses.

    GDPR is set to be the largest change to the protection of personal data across Europe since implementation in 1995 of the EU Data Protection Directive which is currently in force. At that time, and in response to the transfer controls on data exported from the EU, the Channel Islands implemented the Data Protection (Bailiwick of Guernsey) Law, 2001 and the Data Protection (Jersey) Law 2005 which ensured the continued free flow of data to the Islands.

    The Regulation will be overseen by the European Parliament, the European Council and the European Commission. The governments of Jersey and Guernsey, together with the Channel Islands Brussels Office, are working with the Commission as well as key stakeholders, to ensure the Islands are prepared for the changes and businesses are aware of their responsibilities and have time to prepare.

    The Commissioner is using Data Protection Day, an international day designed to raise awareness and promote privacy and data protection best practices, to start the public conversation about GDPR and its implications.

    Emma Martins, head of the Channel Island Data Protection regulator, said, ‘The introduction of GDPR will be transformative for how businesses handle personal data; we are on the verge of huge change in data regulation. To support businesses of all sizes, we will be preparing information and guidance as the law drafting progresses throughout 2017 and are committed to continuing this conversation with businesses.

    ‘I cannot over emphasise the importance of being prepared for this legislation. I particularly want to stress this to the Islands’ small to medium sized business communities who may not have access to the legal or compliance expertise and resources available to larger organisations. The new regulations are certainly going to up the game in terms of compliance obligations and there is much greater accountability for data controllers and processors. Wherever personal data is involved, whether that is staff, client or any other information relating to individuals, data protection compliance will have to be considered and built in at the beginning of the process and to a more significant and demonstrable degree.’

    Mrs Martins is also clear that GDPR is extremely important for individuals: ‘Whilst this is important for the Channel Islands in that it will ensure we remain a trusted jurisdiction with no restriction on data flows, its importance for all of us in a personal context should not be underestimated. We live in an era where a vast amount of our personal information is being collected and used in ways unimaginable only a few years ago. What happens to that data is a deeply serious question and effective regulation plays a significant part in ensuring we all have the rights we are entitled to and have come to expect living in a democracy.’

    Both governments have committed to GDPR being incorporated into local law with the intention of being ready for implementation for May 2018.

    ‘I have had extremely positive meetings with senior representatives from the States of Jersey and States of Guernsey, both of which are committed to ensuring the Islands are fully compliant with GDPR. In anticipation, we have begun a comprehensive review of the Commission’s structure and resources to ensure we are in in a strong position to support businesses at this time,’ added Mrs Martins.

    Data Protection Day is aimed at individuals, families, consumers and business and encourages people to consider the important of protecting their personal information online.

    For further information about GDPR, please visit the bespoke GDPR section of our website:


    Read more >
  • UK Children’s Commissioner publishes report on children’s interaction with social media providers

    The UK Children’s commissioner has called for greater representation after a recent study found half of eight- to 11-year-olds have agreed opaque T&Cs with social media firms.

    Children are being left to fend for themselves in the digital world, regularly signing over rights to their private messages and pictures unknowingly and with scant advice from parents or schools, according to commissioner.

    Almost half of eight- to 11-year-olds have agreed impenetrable terms and conditions to give social media giants such as Facebook and Instagram control over their data, without any accountability, according to the commissioner’s Growing Up Digital taskforce.

    The year-long study found children regularly signed up to terms including waiving privacy rights and allowing the content they posted to be sold around the world, without reading or understanding their implications.

    The full report can be found by clicking here.

    Read more >