What law we are using to collect and process personal data

We can only process personal data where the law allows us to.  In this case, we are processing personal data because the law requires it and we are processing that personal data as part of carrying out that task in the public interest. The Isle of Man’s data protection laws allow for this.

This lawful basis is set out in Article 6(1)(e) of the General Data Protection Regulation (GDPR)*: ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.

Departments and Statutory Boards are controllers of the data they hold. They are under a legal direction from the Council of Ministers to provide information and assistance to the Review. 

The Chief Secretary (now the Chief Executive Officer, Isle of Man Government) has issued a Direction Notice on behalf of the Council of Ministers under the Government Departments Act 1987 section 6(2) and paragraph 12 of Schedule 2 of the Statutory Boards Act 1987.  

This Direction Notice instructs Departments and Statutory Boards to supply information, provide assistance, and allow the inspection of documents by the Chair of the Review and her team for the purposes of the Review.