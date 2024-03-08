Introduction

This briefing is part of a Walkers series on the Data Protection (Bailiwick of Guernsey) Law, 2017 ("the DPL") was drafted to reflect the EU's General Data Protection Regulation (the "GDPR"). The DPL came into effect on 25 May 2018.

There are seven principles which are set out in the DPL (and also in the GDPR) which Guernsey organisations are legally required to adhere to. Those seven principles are as follows:

1. Lawfulness, fairness and transparency

Those who process personal data must have a valid reason for doing so under the Law. The personal data must be used in a way that is fair and it must be clear precisely what the data is being used for.

2. Purpose limitation

Personal data must be used for only for the reasons the data subject was advised at the outset that the data would be used for.

3. Data minimisation

The personal data obtained from a data subject must be limited to what is necessary for the stated purpose.

4. Accuracy

The personal data which is held must be accurate and, where necessary, updated.

5. Storage Limitation

Personal data must not be kept for longer than it is necessary. This will depend on the basis upon which the data is being held.

6. Integrity and confidentiality

Appropriate security measures must be put in place and maintained in order to ensure that personal data is not accidentally deleted, altered or disclosed to anyone who is not permitted access to it.

7. Accountability

An organisation must take responsibility for what it does with personal data. They must be able to demonstrate that requisite systems and measures have been put in place to ensure compliance with the Law.

