GDPR-What will it mean for your business?
What will the GDPR and Data Protection (Jersey) Law 2018 (DPJL) mean for your organisation?
The GDPR is applicable to:
- EU organisations processing personal data of EU individuals;
- Non-EU organisations offering goods/services to EU individuals;
- Non-EU organisations monitoring the behaviours of individuals in the EU.
The core aims of the GDPR and DPJL are to protect the rights and freedoms of individuals in respect of their personal information. Organisations (data controllers and data processors) have obligations under both laws to respect those rights under the general principles of transparency and accountability, to the extent that such legislation applies to them.
This guide and the accompanying checklist have been designed to assist SMEs based in Jersey, who may not have access to extensive planning and legal resources. Using this guide, along with our twelve-step guide, will help those businesses in particular to prepare for a business future that is data-protection compliant.
If you process personal data as part of your business, the DPJL will apply to you and the GDPR might apply to you if you fulfil the criteria set out above.
It is important to remember that:
- Customer AND employee data is personal data
- Simply storing personal data electronically or in hardcopy constitutes ‘processing’ personal data
- The DPJL (and where applicable, the GDPR) applies to both controllers AND processors.