Updated 29 June 2020
Words you may need to know
Information Commissioner - this is the person who has responsibility for Freedom of Information ( FOI) and Data Protection ( DP) in the islands. (Jersey and Guernsey)
Complied with - to obey something
Unsolicited - unasked for
Unauthorised disclosure - giving out information without a lawful basis
Constraints - something that limits actions
Processing - a series of actions with an aim in mind
CCTV - Close Circuit television . A video recording of people / places. A way of recording what is happening with the recording being on a tape or device.
Independent - free from control
Jersey Office of the Information Commissioner
The Commission website includes information about:
- the work of the Commission
- online notifications and enquiry forms
- guidance notes
- Data Protection (Jersey) Law 2018
- Other relevant data protection legislation
- Annual reports, Policy statements etc.
Data Protection (Jersey) Law 2018
The Data Protection (Jersey) Law 2018 controls how organisations, businesses or the Government uses your personal information and is Jersey's implementation of the EU General Data Protection Regulation (GDPR).
Who holds data or information
Many businesses process information about you and under the law you have a right to be told what is being done with that information. You have other rights too, such as a right to have inaccurate information corrected. The person in a company with responsibility for making sure that the law is complied with is called the Data Controller and they are the ones who make the decisions about what to do with your information.
Requesting information about yourself- Subject Access Request
You have the right to find out if an organisation is processing your personal information. This is called the right of access. You exercise this right by making what is commonly known as a ‘subject access request’.
Article 27 of the Data Protection (Jersey) Law 2018 provides for the requests by individuals to access their personal information. For more information on the right to access your personal information, see Right to Access Personal Information
Right to Access Template letter
[Your full address]
[Your phone number]
[Your email address]
[Data Protection Officer / Data Protection Lead]
[Name of the organisation]
[Address of the organisation]
[Reference number (if applicable)]
Dear [Sir or Madam/name of the person you have been in contact with]
Subject access request
[Your full name and address (if different from above) and any other details such as account number to help identify you and the data you want.]
Please supply the data about me that I am entitled to under Article 28 of the Data Protection (Jersey) Law 2018 relating to: [give specific details of the data you want, for example:
- my personnel file
- emails between ‘person A’ and ‘person B’ (from 1 June 2017 to 1 Sept 2017)
- my medical records (between 2014 and 2017) held by ‘Dr C’ at ‘hospital D’
- CCTV camera situated at (‘location E’) on 23 May 2017 between 11am and 5pm
- copies of statements (between 2013 and 2017) held in account number xxxxx.]
If you require a form of identity verification, please let me know as soon as possible. It may be helpful for you to know that the data protection law requires you to respond to a request for data within 4 weeks. If you cannot respond within this timescale, please tell me when you will be able to respond.
If you need advice on dealing with this request, the Jersey Office of the Information Commissioner (JOIC) can assist you. There is guidance on the website at www.jerseyoic.org or you can call them on 01534 716530.
Yours faithfully / sincerely,
[Your full name]
Complaints under the Data Protection Law
You have a right to raise a complaint with the Jersey Office of the Information Commissioner, see Making a Complaint
CCTV Code of Practice
Guidance can be found on the Commissioner's website here - https://jerseyoic.org/resource-room/surveillance-for-individuals/