Data protection & GDPR on the Isle of Man
This website is intended as a guide, and should not be construed as legal advice or an authoritative statement of the law.
Organisations and individuals should take independent advice.
What is GDPR?
GDPR stands for General Data Protection Regulation. This is an EU law.
The GDPR sets out the rights of the individual and establishes the obligations of those processing and those responsible for controlling and holding data. It also establishes the methods for ensuring compliance as well as the scope of sanctions and penalties for those in breach of the rules.
Key parts of the GDPR include a widened definition of personal data, new obligations for processors as well as boosted rights for individuals.
The Isle of Man has implemented the GDPR into its law so that it can continue to do business with EU countries.
The GDPR has been implemented in the Isle of Man using an Order made under a new Data Protection Act 2018 which enables the Isle of Man to bring in EU laws relating to data protection. New data protection provisions are in a set of regulations which set out all the data protection procedures and powers of the Information Commissioner, called the GDPR and LED Implementing Regulations 2018.
These provisions were previously in the Data Protection Act 2002.
GDPR sits alongside the EU's Law Enforcement Directive (LED), which contains similar provisions for organisations processing data for crime prevention, investigation and law enforcement.
The legislative approach
The Isle of Man has introduced a short Data Protection Act 2018. This gives specific powers to introduce EU data protection as part of Manx law – after approval by Tynwald – and then implemented with any necessary Regulations.
It is the GDPR and LED Implementing Regulations 2018 which will contain the legal essence of the Island's approach to GDPR and which should be read as a replacement for the existing Data Protection Act 2002.
This approach ensures that the Island's legislative position is equivalent to the GDPR so that we can meet EU requirements, but it will also allow more flexibility in future.
Here is a simple guide to the legislative process and the legislation relating to data protection.