Data protection for individuals
What is GDPR?
It stands for General Data Protection Regulation, which is an EU law.
The Isle of Man needs to implement the GDPR into its law by 25 May 2018 so that it can continue to do business with EU countries.
The GDPR will be implemented in the Isle of Man using a new Data Protection Bill – and new data protection provisions will be in a set of regulations which set out all the data protection procedures and powers of the Information Commissioner.
These were previously in the Data Protection Act 2002.
How does it affect me – in the Isle of Man?
The new law gives you enhanced rights, so making a request for your own data is quicker and free of charge. It also includes types of data which would not have been included under old law.
The new law means that you will be notified if there is a failure by an organisation which means that your data was lost or exposed, and where such actions cause you damage or loss.
It means that organisations – in the public and private sector - will need to make sure that their policies and procedures are up to date, that they are lawfully able to process your data and that they must look after the data that they collect.
Organisations will need to make sure that they comply with the law and show that they are doing so. They must also also be transparent, telling you how and why they are processing your data and for how long they will keep it.
Requests for information
You can make a request to find out what information the Isle of Man Government holds about you by writing to or emailing the relevant Data Protection Officer (DPO) within the respective Department or Statutory Board.
Isle of Man Information Commissioner
The Information Commissioner provides a wealth of guidance and tools on data protection.