About

As well as providing training and a GDPR Toolkit (details below) I also provide extended support to people who have attended training, bought the toolkit, or just need some friendly guidance. The GDPR Toolkit can be found here http://www.adaptconsultingcompany.com/gdprtoolkit/ Jersey Business as supporting the GDPR Training and they can be found at https://www.jerseybusiness.je/get-advice/it-office-systems/data-protection-small-business/

Thursday 18 January 2018

Do charities need to register for Data Protection and what will be costs be?


QUESTION

Do charities need to register with the Data Protection Authority (Jersey) ? What will be costs be?

RESPONSE

Simple Answer: YES, We don't know yet.

This is a really great question because at the moment there are a number of organisations who are not registered under the current Data Protection Law, and who may be required to register and pay fees under the new law.

The States of Jersey has unanimously adopted the draft Data Protection (Jersey) Law 201- and the draft Data Protection Authority (Jersey) Law 201-. The legislation will now be sent to the Privy Council for sanction. It is anticipated that (subject to Royal Assent) the laws will come into force on or before 25 May 2018 when the EU's General Data Protection Regulation will also come fully into force.

P.116/2017 Draft Data Protection (Jersey) Law 201- 
P.117/2017 Data Protection Authority (Jersey) Law 201- 

You can see the draft legislation here…

I note the flat annual fee may be much lower if Charities as a sector can demonstrate good practice with secure + private data. So there may be value in being coordinated and lobbying for a low or possibly no charge.

The  recommendation  is  a  risk-based  tiered  administrative  charge.  With  this  option,  organisations acting as data processors or controllers would be assessed and classified  according  to  the  risk  of  their  processing  activities,  then  allocated  to  a  tiered-band  defined by their perceived risk. A flat annual fee for this tier would be then be levied  against the organisation. 

Irrespective of whether there is a charge, it is clear that Data Protection (Jersey) Law will apply to Charities. Article 27 sets the fines much lower for not for profit organisations, but it is very clear that fines can apply.

(3)  An administrative fine ordered against any person whose processing of  data that gave rise to the fine was in the public interest and not for profit  must not exceed £10,000.

GDPR ADVICE FOR LOCAL CHARITIES AND NOT-FOR-PROFIT

I am working with Jersey Community Partnership and Association of Jersey Charities to possibly set-up a presentation / workshop to talk about GDPR for local Charities and Not-for-Profit. This will probably be Tuesday 30th January and I look forward to confirming details in due course.

In the meantime, for January, I have proposed a useful approach to help local charities might be if organisations pick a question or topic and I offer general advice on best approach which we can publish and share with other charities and not-for-profit organisations.

You can email with your question or topic at timhjrogers@gmail.com

CONTACT

TimHJRogers@AdaptConsultingCompany.Com
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com

No comments:

Post a Comment