Data protection & GDPR on the Isle of Man
The Isle of Man Government is currently reviewing and revising the Island’s Data Protection law to ensure and enable individuals to have more control and better protection of their personal data. This comes as preparations are underway to implement new data protection law to ensure that the Isle of Man maintains its current adequacy rating with the European Union and that all requisite controls and processes are in place before the General Data Protection Regulation (GDPR) goes live on 25 May 2018.
The Government stated in its Programme for Government that it would apply the GDPR where applicable and strengthen the individuals rights through the revision and strengthening of data protection law. The rights include the ability for individuals to request access to their data, or for it to be erased, rectified or blocked.
Businesses on the Island will be supported by Government as they apply the requirements of GDPR and the revised Manx data protection law in their management and securing of data.
The powers for enforcement given to the Information Commissioner are also further being reviewed and revised where applicable to meet the intent of the GDPR and Manx data protection law to defend consumer interests and rights. These powers will potentially include the issuance of higher fines for serious data breaches.
The revised Manx Data Protection law will:
- require organisations to simplify the withdrawal of consent for the use of personal data
- enable individuals to request their personal data held by companies to be erased or rectified
- enable parents and guardians to give consent for their child’s data to be used
- enable processing of sensitive personal data but will require ‘explicit’ consent to enable this processing
- include IP addresses, internet cookies and DNA in the definition of ‘Personal Data’
- mean that personal data held by companies will be more readily available for disclosure upon request by the individual concerned.