DATA PROTECTION (Jersey) LAW 2018 (the DPJL)

The DPJL replaced the former 2005 Law on 25th May 2018. It mirrors many of the of the provisions of GDPR and its purpose is to protect natural persons in relation to the processing and free movement of their personal information.

Fundamentally, the Law is about updating and extending the provisions that have been in place for many years to recognise technological advancements, and to provide individuals with greater control over what happens to their personal information. It includes additional rights for data subjects and greater accountability and transparency requirements for organisations.


The DPAJL also came into effect on 25th May 2018 and creates a new statutory body responsible for overseeing the protection of personal information of natural persons. This body is known in Law as the Data Protection Authority and is chaired by Mr Jacob Kohnstamm. The Authority oversees the activities of the OIC, which is headed up by the Information Commissioner, Mr Jay Fedorak, and the Deputy Information Commissioner, Mr Paul Vane.

The DPAJL also sets out the powers, enforcement capabilities and statutory functions of the Data Protection Authority and OIC. Furthermore, it sets out the framework for the registration of controllers and processors and the associated fees.

DATA PROTECTION (Registration and Charges)(Jersey) REGULATIONS 2018

These Regulations are created from Articles 18 and 46 of the DPAJL and set out the registration requirements for controllers and processers, as well as the fees associated with registration. The intention is to replace these Regulations in early 2019 once the Data Protection Authority establishes a new model of registration.