There is clear demand for guidance and good practice information over new data protection legislation.
That’s one of the conclusions of a public consultation on proposed General Data Protection Regulation (GDPR) legislation.
New EU GDPR regulations on controlling and processing personal data come into force next month and mean that all organisations that carry out business with Europe must comply or face hefty fines.
Proposed orders and regulations made under the island’s new Data Protection law to ensure full compliance with GDPR were issued with the public consultation which ran from January 23 to March 5.
-(1).jpeg?width=209&height=140&crop=209:145,smart&quality=75)
Amended orders and regulations have now been published, addressing the feedback and comments.
Thirty two organisations and 25 individuals made responses to the public consultation.
Clear themes emerged which included the need for guidance and good practice information, concerns around divergence from the UK position and the need to ensure that sanctions are enforceable.
Some 22 respondents thought the maximum penalty of £1m for infringing GDPR rules was an effective penalty. Twelve thought the amount was too high and eight thought it should be higher. The EU has a maximum fine of 4% of turnover.
An initial list of proposed exemptions were included in the draft regulations. Thirty respondents considered the exemptions sufficient but 15 others said they weren’t.
An exemption for journalistic purposes from GDPR was raised as part of the consultation and this is now included in the implementing regulations, which have been published alongside the amended orders.
Proceedings before a court or tribunal would be stopped if the information commissioner deems publication is in the public interest. Personal data processed for scientific, historical research or statistical purposes is also exempt.
Chief Minister Howard Quayle told the Examiner: ’While I understand the reluctance to have another layer of red tape, we need to comply or we will not be able to do business with the EU.
’We must not do anything to compromise that.’
deadline
In Tynwald last week, Policy and Reform Minister Chris Thomas admitted a deadline for updating the legislation in the Isle of Man was self-imposed.
He came under questioning from Lawrie Hooper (LibVan, Ramsey), who queried the need to ensure that our data protection laws are updated by May 25-26.
Mr Hooper demanded to know why there was ’all the pressure to pass legislation quickly’ when the Minister himself said the European Commission had indicated the current EU data protection adequacy would be reviewed within four years.
Mr Thomas said the deadline was a ’good faith’ commitment by the Isle of Man and other jurisdictions to have regulations updated by the end of May, when the EU was due to issue new guidelines.
Mr Hooper said: ’I just want to be clear then, the May 26 deadline is self-imposed. It is not a deadline that is being imposed on us by the European Commission?’
Mr Thomas finally conceded the deadline was self-imposed as part of the Programme for Government. ’So, it is self-imposed in that sense,’ he said. ’Perhaps there would have been alternatives, but politics is not that simple.’
There will be a special feature about GDPR in the Isle of Man Examiner of May 22.
Comments
This article has no comments yet. Be the first to leave a comment.