1 / 29

The Data Protection (Jersey) Law 2005 Jersey Occupational Safety & Health Association

The Data Protection (Jersey) Law 2005 Jersey Occupational Safety & Health Association 27 th November 2007. Human Rights Employment Regulation of Investigatory Powers Data Protection Health & Safety Rehabilitation of Offenders Public Records. The Data Protection (Jersey) Law 2005.

amalie
Download Presentation

The Data Protection (Jersey) Law 2005 Jersey Occupational Safety & Health Association

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Data Protection (Jersey) Law 2005 Jersey Occupational Safety & Health Association 27th November 2007

  2. Human Rights • Employment • Regulation of Investigatory Powers • Data Protection • Health & Safety • Rehabilitation of Offenders • Public Records

  3. The Data Protection (Jersey) Law 2005 A Law to make provision for the regulation of the processing of information relating to individuals including the obtaining, holding and use or disclosure of such information.

  4. Key new Features of the new Jersey Law • Definition of data includes structured manual personal information • Must meet minimum criteria before processing commences • Still 8 enforceable basic Principles • Principles are strengthened • Principles apply – notified (registered) or not

  5. Key new Features of the new Jersey Law (Cont’d) • Individuals’ Rights enhanced • Limited Exemptions • Establishes an independent DP Commissioner with increased powers • Enforcement – pre-assessments • Transition period for currently exempt data when processing already underway

  6. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: DATA Means information which is: Automatically processed or Recorded with the intention of being automatically processed or Recorded as part of a relevant filing system

  7. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: RELEVANT FILING SYSTEM Means any set of information relating to individuals to the extent that the set is structured either by reference to individuals, or in such a way that specific information relating to a particular individual is readily accessible.

  8. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: PERSONAL DATA Data which relates to a living individual who can be identified: From those data or From those data and any information which is in the possession of, or is likely to come into the possession of the data controller

  9. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: SENSITIVE PERSONAL DATA • Racial or ethnic origin • Political opinions • Religious or other beliefs • Trade union membership • Physical or mental health • Sexual life • Offences

  10. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: PROCESSING includes obtaining, holding and carrying out any operation on the information or data

  11. The Data Protection(Jersey)Law 2005 KEY DEFINITIONS: DATA SUBJECT An individual who is the subject of personal data.

  12. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: DATA CONTROLLER A person who (either alone or in common with other persons) determines the purposes for which and the manner in which personal data are, or are to be, processed.

  13. The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: DATA PROCESSOR a person (other than an employee) who processes the data on behalf of the data controller

  14. The Data Protection (Jersey) Law 2005 The Principles There are 8 Data Protection Principles which set enforceable standards for the collection and use of personal data.

  15. Data Protection (Jersey) Law 2005 The First Principle: • Personal data shall be processed fairly and lawfully and in particular shall not be processed unless: • Schedule 2 is satisfied for all personal data • Schedule 3 is satisfied for all sensitive personal data

  16. The First Principle (Cont’d): Fairness: The individual must be informed of: • The identity of the data controller • The purpose(s) for which the data are intended to be processed • Any other information which is necessary having regard to the specific circumstances in which the data are, or are to be processed

  17. The First Principle (Cont’d): Conditions for the processing of any Personal Data: Schedule 2: At least one of the following conditions must be satisfied before processing can commence: • Consent • Performance of a contract to which the data subject is a party or has requested • Legal obligation • Vital interests • Public functions and administration of justice • Legitimate interests

  18. The First Principle (Cont’d): Conditions for the processing of any Sensitive Personal Data: Schedule 3: At least one of the following conditions must be satisfied before processing can commence: • Explicit consent • Employment purposes • Vital interests • Non Profit Organisations • Information already made public • Legal proceedings • Public functions • Medical purposes • Equal opportunity research

  19. The Second Principle: • Personal data shall be obtained for only one or more specified and lawful purpose and shall not be further processed in any manner incompatible with that purpose or purposes.

  20. The Third Principle: • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  21. The Fourth Principle: • Personal data shall be accurate and, where necessary, kept up to date.

  22. The Fifth Principle: • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  23. The Sixth Principle: • Personal data shall be processed in accordance with the rights of data subjects under this Law.

  24. Individuals Rights • Access * • Correction, erasure, destruction • Stop processing • Direct marketing • Automated decision-making • Compensation

  25. Individuals Rights cont. Access Article 31 Exemption for the sake of regulatory activity If access request would prejudice the proper discharge of a function designed for securing health, safety and welfare of persons at work

  26. The Seventh Principle: • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  27. The Eighth Principle: • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

  28. Enforcement The Commissioner has legal powers to ensure that Data Controllers comply with the Law. Offences 1. Failing to Notify or Notify Changes 2. Failing to make information available when requested by a data subject (when not notified) 3. Breaching an Information/Enforcement /Special Information Notice issued by the Commissioner 4. Making a false statement (intentional or reckless) in purported compliance with an Information Notice 5. Unlawful obtaining or selling of personal data 6. Providing false or misleading information to the Commissioner

  29. Contact details:Emma MartinsMorier HouseHalkett PlaceSt HelierJersey JEI IDDTelephone – 441064Website – www.dataprotection.gov.je

More Related