Data protection for individuals
What is GDPR?
It stands for General Data Protection Regulation, which is an EU law, adopted in the Isle of Man by an Order under the Data Protection Act 2018.
The Isle of Man had to implement the GDPR into its law so that it can continue to do business with EU countries.
New data protection provisions are in a set of regulations which set out all the data protection procedures and powers of the Information Commissioner, called the GDPR and LED Implementing Regulations 2018 which are in operation from 1 August 2018.
These provisions were previously in the Data Protection Act 2002.
How does it affect me – in the Isle of Man?
The new law gives you enhanced rights, so making a request for your own data is quicker and free of charge. It also includes types of data which would not have been included under old law.
The new law means that you will be notified if there is a failure by an organisation which means that your data was lost or exposed, and where such actions cause you damage or loss.
It means that organisations – in the public and private sector - will need to make sure that their policies and procedures are up to date, that they are lawfully able to process your data and that they must look after the data that they collect.
Organisations will need to make sure that they comply with the law and show that they are doing so. They must also also be transparent, telling you how and why they are processing your data and for how long they will keep it.
Requests for information
You can make a request to find out what information the Isle of Man Government holds about you by writing to or emailing the relevant Data Protection Officer (DPO) within the respective Department or Statutory Board.
Isle of Man Information Commissioner
The Information Commissioner provides a wealth of guidance and tools on data protection.