Guernsey’s data protection regime – shifting attitudes

Настоящая статья посвящена чрезвычайно актуальным вопросам, связанным с защитой персональных данных. Орган по надзору за соблюдением законодательства о защите персональных данных (ODPA) представляет ключевые вопросы в этой сфере, вытекающие из Закона о защите данных (Bailiwick of Guernsey) 2017 года.

Комиссар по защите данных Гернси Эмма Мартинс (Emma Martins) заявила, что целью ODPA является создание справедливого и недорогого бизнеса с низким уровнем администрирования, который позволит местным предприятиям сосредоточить свои усилия на хорошем ведении бизнеса, а не на заполнении бюрократических форм. Задержка в согласовании модели финансирования системы защиты данных привела к расширению действующих регистрационных льгот для малых предприятий и индивидуальных предпринимателей. Те лица, к которым применяются исключения, больше не будут обязаны регистрироваться в ODPA до января 2021 года.

Introduction
Changes in culture in the workplace
Predict, prevent, detect, enforce
Delayed introduction of self-funded charging system
Introduction

A shift in Guernsey’s corporate and individual attitude towards the misuse of data is now central to the Office of the Data Protection Authority’s (ODPA’s) future approach to governance and enforcement in Guernsey.

Following the end of the transitional relief period under the Data Protection (Bailiwick of Guernsey) Law 2017 in May 2019, this article rounds up the key issues which the ODPA has communicated and which will dictate its approach.

Changes in culture in the workplace

The ODPA has repeatedly highlighted its encouragement for a shift in attitudes, for both consumers and businesses, so that the misuse of data is seen as both legally and socially unacceptable.

While legislation and regulatory action both have a role to play in protecting data, the ODPA sees consumers and businesses as the key factor in achieving secure, ethical use of data. As consumers begin to recognise the ever-growing value of their personal information and have open access to information about the frequency and severity of data breaches, they can begin to impose an ethical baseline when it comes to the use of their data and punish those businesses which fall beneath it. Over time, this will have the effect of building a self-correcting market.

A simple rule of thumb for officers and employees undertaking any aspect of personal data management to ensure they do not fall foul of the standards of protection required by the ODPA is to treat personal data in the manner in which they would wish their own personal data to be treated.

Predict, prevent, detect, enforce

The ODPA is seeking to achieve a balanced approach across the four key areas of regulation (prediction, prevention, detection and enforcement) in fulfilling its functions under the law.

In particular, businesses have been reminded that the principal purpose of the breach reporting requirements under the law is to assist the regulator in:

predicting and preventing breaches before they have occurred;
identifying areas in the industry which may require additional resources; and
training to achieve compliance and best practice, rather than as an enforcement tool.
Delayed introduction of self-funded charging system

The ODPA released a statement on 28 October 2019 to confirm that while it had been working with the States of Guernsey for the past year to agree a funding model for the ODPA’s activities based on the charging of annual registration fees, it has taken longer than expected to agree and implement such a model.

Guernsey Data Protection Commissioner Emma Martins stated that:

the ODPA’s goal is to achieve a fair, low-cost, low-admin business that allows local businesses to concentrate their efforts on running their businesses well, rather than filling in bureaucratic forms.

The delay in agreeing the funding model has resulted in the extension of the current registration exemptions for small businesses and sole traders. Those persons to which the exemptions apply will no longer be required to register with the ODPA until January 2021.

Автор: Charlotte Brown

Источник: https://www.internationallawoffice.com/Newsletters/Private-Client-Offshore-Services/Guernsey/Ogier/Guernseys-data-protection-regime-shifting-attitudes?utm_source=ILO+Newsletter&utm_medium=email&utm_content=Newsletter+2020-01-09&utm_campaign=Private+Client+%26+Offshore+Services+Newsletter

Читайте также