The Isle of Man has an adequacy decision which is based upon the current provisions of the Data Protection Act 2002, allowing it to do business and in particular carry out international transfers of data. It is important for the Isle of Man to retain its adequacy and ensure equivalence of legislation which also takes into account the new and enhanced rights, fines and penalties within the GDPR by enacting its own legislation.
The Isle of Man will implement new law in two new Orders in Council made under the European Communities (Isle of Man) Act 1973 for each of the GDPR, and also the Police and Criminal Justice Directive (also known as the Law Enforcement Directive), which contains similar provisions for organisations processing data for the purposes of crime prevention, investigation, and law enforcement. These Orders will in turn repeal the existing Data Protection Act 2002 and instead will be supplemented by a set of Isle of Man Regulations which mirror the provisions of the Data Protection Act 2002 but which will be augmented to reflect the requirements of the GDPR and LED. In due course, the intention will be to draft a new Bill, to cover the GDPR, the LED, and any other supplementary requirements for a cohesive and up to date data protection law.