Law: Data Protection (Jersey) Law, 2018 ('the Law'), and Data Protection Authority (Jersey) Law 2018 ('the Authority Law')

Regulator: Jersey Office of the Information Commissioner ('JOIC')

Summary: The Law and the Authority Law came into force on May 25, 2018. The Authority Law establishes the Data Protection Authority, which can appoint a Board permitted to delegate most of its functions to the JOIC. Controllers and processors established in Jersey are required by the Authority Law to register with the JOIC before commencing the processing of personal data. The Data Protection (Registration and Charges) (Amendment) (Jersey) Regulations 2019 have been in effect since January 1, 2020, and introduced a new fee structure, with fees ranging from £70 to £1,600 depending on the size of the organization, its revenue, and the type of personal data processing. The JOIC has issued guidance on various data protection issues, including Data Protection by Design and Default, Data Protection Impact Assessment ('DPIA'), and data subject rights. In addition, the JOIC has signed a memorandum of understanding ('MoU') with the Guernsey Office of the Data Protection Authority ('ODPA') in order to enhance the exchange of information and cooperation between the ODPA and the JOIC. The European Commission has recognized Jersey as providing adequate protection for the purpose of cross-border data transfers from the EU.


Richard Field, Partner at Appleby, discusses key aspects of Jersey's recently enacted data protection legislation in comparison to GDPR, including definitions, registration requirements, international data transfers, and enforcement measures. While aligning with GDPR principles, the laws exhibit unique nuances, emphasizing the need for specialized local guidance to navigate these regulations effectively.