The Isle of Man is making progress towards ensuring it is well positioned to meet modern standards in respect of data protection.
The Cabinet Office is continuing to drive forward legislative changes in line with a commitment in the Programme for Government.
New arrangements will be in place for May 2018 to ensure the Island is aligned with European law that strengthens and unifies data protection for all individuals within the EU.
While it is not part of Europe, the Isle of Man has ‘third country’ status and must demonstrate that its legislation has adequacy* with the European Union General Data Protection Regulation (GDPR).
Providing a level of personal data protection that reflects EU law is an important factor for Isle of Man businesses that wish to trade with Europe and process EU citizens’ data.
The new European Union GDPR provides more protection to people in the way their data is collected and used.
Chief Minister Howard Quayle MHK said: ‘It is essential that the public sector, businesses and charities in the Isle of Man are aware of their responsibilities under the new regulations, which are scheduled to come into force here from May 2018. GDPR will require organisations to achieve and maintain an enhanced level of governance and ongoing monitoring.’
Under GDPR the rights of an individual are strengthened in a number of areas, such as data portability, the right to be forgotten and children’s data. New requirements will also be introduced regarding the notification of data breaches and tighter deadlines on subject access requests.
The Isle of Man has remained in step with European data protection law in recent years through the Data Protection Act, Unsolicited Communications Regulations and the Freedom of Information Act.
Information Commissioner Iain McDonald said: ‘Data has become an important commodity in the global economy, but current data protection laws are outdated. The EU GDPR makes good data protection practice and governance an integral part of business and a boardroom responsibility.’
He added: ‘It provides individuals with stronger rights and protections and also provides powers to enforce its standards if necessary. Introducing equivalent legislation should be welcomed, as it will not only benefit Island residents but also businesses which will be able to continue to transfer personal data to and from the EU without additional cost.’
The Government intends to invite feedback on proposed new legislation via a public consultation in January 2018.
In the meantime, organisations are encouraged to ensure their information governance is up to date and able to meet the new requirements of GDPR.
Guidance is available on the website of the Information Commissioner, while a number of private sector organisations are offering support in preparation for GDPR.
*Data adequacy is a status granted by the European Commission to non-EEA countries who provide a level of personal data protection that is “essentially equivalent” to that provided in European law.