A long overdue revision of personal data protection law with local implications is now only a year away, hopefully ushering in a new era of public and private entities controlling and processing your personal data as explicitly directed by you, reinforcing your fundamental human right to privacy in the digital age.
The EU’s General Data Protection Regulation (GDPR) comes into force on 25th May 2018. GDPR matters on the Isle of Man as it is “extraterritorial”, applying to companies and governments in all non-EU jurisdictions, should they handle the personal data of EU residents. The Googles and Facebooks of the world have senior staff assigned to this matter already, for example!
Key features affecting individuals include:
• A higher bar for entities when gaining consent to process your data.
• The right to “be forgotten”.
• Free and faster subject access requests.
Some affecting local data controllers and processors include:
• An obligation to report all personal data breaches.
• A hugely empowered data protection authority.
• A financial penalty ceiling of €20m or 4% of global turnover.
The Isle of Man has taken data protection seriously since the 1980’s, and currently finds itself one of only 11 territories outside of the EU whose personal data protection standards are considered “adequate” by the European Commission. This currently facilitates the movement of personal data across European borders, which most of our 2,000+ data controllers certainly welcome.
As our Chief Minister is personally accountable for the delivery of new Manx legislation which would be deemed “adequate” by the European Commission post-May 2018, it should at least increase the likelihood of it happening!
Finally, our Information Commissioner’s office has helpfully produced a wealth of easy-to-read GDPR preparatory materials at www.inforights.im , so if you cannot serve yourself from there, you are most welcome to get in touch.