As many of you will be aware, the EU has adopted a new framework in respect of data protection which will come into force on 25 May 2018, the General Data Protection Regulation (GDPR). Although Guernsey and Jersey are not members of the EU, the GDPR has far wider reach than just the EU and will also apply to many organisations targeting EU citizens.
In addition, Guernsey and Jersey will want to remain "adequate" jurisdictions for data protection purposes and in order to do this, will bring in their own GDPR-compliant legislation. The Islands' Commissioner for data protection has therefore proposed 10 steps for organisations to take in preparation for the enforcement of the GDPR and the equivalent local legislation.
