For those who’ve been on this journey for some years, this was a time to take a short breather, before steeling ourselves for the road ahead. GDPR is but one part of a regulatory wave sweeping Europe and beyond – ePrivacy, PSD2, MIFID2, NISD, 5th AML Directive, the list goes on. Data impacts so many areas of life (both private and professional) that it was always going to be impossible to effect change via one piece of legislation.

Many jurisdictions outside the EU have enacted new data protection legislation, aimed at achieving varying levels of equivalence with GDPR. Change is being driven on a global level.

Guernsey, Jersey and the Isle of Man have all enacted new laws to ensure they maintain “adequacy” (the European Commission decision which enables the free flow of information between jurisdictions deemed to have equivalent levels of protection for personal data). This is vital to protecting the islands’ economic position, but is also a key element of the continuing focus on being “well regulated”. Trust is a vital part of today’s digital economy, and being at the cutting edge of this area of regulation will stand us in good stead for years to come.

The new regime is an evolution, rather than a revolution, but for those who were not fully aware of their duties under the previous regime, stiffer challenges lie ahead. Both Guernsey and Jersey have new regulatory bodies (albeit that a number of the “faces” will look familiar to islanders), but the message is very much “business as usual”.

For example, the members of Guernsey’s new Data Protection Authority focused on opportunity, collaboration and innovation at their launch event – using nimble regulation to lead from the front, to educate and collaborate. Enforcement is seen as a last resort, or as an appropriate response to repeated or deliberate infringements.

Demonstrating that you have a plan in place and are working to mitigate the core risks is much less likely to lead to sanctions. In a world where fresh guidance appears regularly, showing you have “a clue” as opposed to “no clue” and that you are adapting your culture is a good place to be.

That message will provide some comfort to businesses, as will the limited domestic transitional provisions which extend the deadline for compliance with certain areas of the new laws until May 2019.

Maintaining adequacy is clearly crucial. The message from Europe is positive in that regard. The efforts of the Crown Dependencies have been noted and each will retain adequacy, at least for the time being. The guidance on adequacy should not give us cause for concern, but we must accept that the concept of “adequacy” is under review by the European Commission and maintain focus on it.

Transparency is a key component of GDPR and the regulators’ approach and that theme flows through the new domestic laws. If you identify a problem, work to rectify it and/or take advice – do not wait for the regulator to uncover it.

Similarly, be transparent with customers – consider what data you collect and why, review the lawful basis for processing and make sure you’ve informed customers about your use of their data. Not only is this an opportunity to build relationships with your customers, but as we have seen from the deluge of (frequently unnecessary) “consent” emails, getting it wrong can lose you business.

The next step of the journey begins now; it is similar to reaching the start line of a marathon. We are working with clients and industry partners to develop best practice and shape the debate for the future, when AI and robotics will redefine “well regulated”. The time for a “breather” is over; the race has just begun.

Share
X.com LinkedIn Email Save as PDF
More Publications
Intellectual Property
19 Mar 2024

Guernsey retains its EU adequacy – as expected

The post-Brexit regulatory landscape continues to throw up challenges and jurisdictional arbitrage, ...

Private Client Trusts
20 Mar 2023

Trusts: Comparison between the Crown Dependencies

Our Private Client and Trusts specialists in Guernsey, Isle of Man and Jersey outline some of the ke...

ICLG Fintech 21 cover
19 Jan 2023

The Edinburgh Reforms: An Offshore Perspective

On 9 December 2022, the UK Chancellor of the Exchequer announced a package of reforms to the UK fina...

Private Client Trusts
27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

Fund Finance
25 Nov 2021

Regulatory Approach to ESG across the Crown Dependencies

New requirements may require investment products to display a label reflecting their sustainability ...

Fraud & Asset Tracing
30 Jul 2021

Fighting international fraud

First published in New Law Journal, July 2021. Appleby partners Anthony William and Jared Dann an...

Mergers and Acquisitions (M&A)
12 Mar 2021

Material adverse change clauses in light of the Covid-19 pandemic

Experts from each of our key global offices provide jurisdiction specific advice and answer question...

ABS02A
8 Mar 2021

Appleby Celebrates International Women’s Day

International Women’s Day is celebrated annually in support of gender equality and equal participa...

Private Equity
21 Sep 2020

The role of Private Equity in economic recovery from Covid-19

Against this gloomy backdrop, we expect private equity firms and their investors to play a key role ...