1. Interpretation

REGULATION

2. Particulars in register

REGULATION

3. Notification of registration

REGULATION

4. Requirement to notify changes to particulars

REGULATION

5. Controllers already registered

REGULATION

6. Requirement to pay annual charge

REGULATION

7. Power to remove entry in register

REGULATION

8. Citation and commencement

REGULATION

1. Staff administration

SCHEDULE

2. Accounts and records

SCHEDULE

3. Non-profit associations

SCHEDULE

Data Protection (Registration and Charges) (Jersey) Regulations 2018

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

1. Interpretation

In these Regulations –

“Law” means the Data Protection Authority (Jersey) Law 2018[2];

“register” means a register of controllers and processors who are required to register under Article 17 of the Law;

“registration period” has the same meaning as in paragraph 2 of Schedule 2 to the Law;

“staff” includes persons employed within the meaning of the Employment (Jersey) Law 2003[3] and volunteers.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

2. Particulars in register

The Authority may include the following particulars in an entry in a register –

(a)     whether the entry is in respect of a controller or processor or both;

(b)     a registration number issued by the Authority in respect of the entry;

(c)     the date on which the entry is treated as having been included in the register;

(d)     information that may assist persons consulting the register to contact any controller to whom the entry relates about the processing of personal data;

(e)     such further information as the Authority considers necessary or expedient for the purposes of fulfilling its functions under the Law.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

3. Notification of registration

The Authority must, as soon as practicable and in any event within 28 days of making, amending or removing an entry in a register, notify the controller or processor to whom the entry relates –

(a)     of the making or amending of the entry, the date of that entry or amendment and the particulars currently included within the entry; or

(b)     of the removal of the entry,

as the case may be.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

4. Requirement to notify changes to particulars

(1)     Registered controllers and registered processors must notify the Authority of any change in the particulars that they were required to provide to the Authority in respect of their application for registration as soon as practicable and in any event within 28 days of the change.

(2)     Controllers to whom Regulation 5 applies must notify the Authority of any change in the particulars included in their entry in the register maintained under the Data Protection (Jersey) Law 2005[4] on or before the end of the registration period.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

5. Controllers already registered

(1)     This Regulation applies to any controller who is exempt from the requirement to register under Part 3 of the Law until the end of the registration period by virtue of paragraph 2 of Schedule 2 to the Law.

(2)     A controller to whom this Regulation applies must, at the end of the registration period, be registered under Article 17 if the provisions of these Regulations are met.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

6. Requirement to pay annual charge

(1)     Subject to paragraph (2), registered controllers and registered processors must pay an annual charge of £50 on each anniversary of –

(a)     the date of first registration under Article 17 of the Law; or

(b)     in the case of controllers to whom Regulation 5 applies, the end of the registration period.

(2)     A registered controller is exempt from paying the charge in paragraph (1) if the only processing carried out by that controller is processing that –

(a)     falls within any of the classes of processing set out in the Schedule; or

(b)     would fall within one of those classes of processing but for paragraph 1(d), 2(d) or 3(e) of the Schedule and where the disclosure –

(i)      is required by law or by order of a court, or

(ii)      is permitted by Article 64 of the Data Protection Law.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

7. Power to remove entry in register

The Authority may remove an entry in a register where the controller or processor relating to that entry –

(a)     fails to comply with Regulation 4; or

(b)     fails to pay the charge as required by Regulation 6.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

REGULATION

8. Citation and commencement

These Regulations may be cited as the Data Protection (Registration and Charges) (Jersey) Regulations 2018 and come into force on 25th May 2018.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

SCHEDULE

1. Staff administration

Processing that –

(a)     is for any one or more of the purposes, in relation to the staff of the registered controller, of appointment, removal, pay, discipline, superannuation, work management and any other human resources matter;

(b)     is of personal data in respect of which the data subject is –

(i)      a past, existing or prospective member of staff of the registered controller, or

(ii)      any person the processing of whose personal data is necessary for any of the purposes referred to in sub-paragraph (a);

(c)     is of personal data consisting of any one or more of the following in respect of the data subject –

(i)      name,

(ii)      address,

(iii)     other identifiers,

(iv)     information as to qualifications,

(v)     information as to work experience,

(vi)     information as to pay,

(vii)    information as to any other matter the processing of which is necessary for any of the purposes referred to in sub-paragraph (a);

(d)     does not involve disclosure of the personal data to a third party otherwise than –

(i)      with the consent of the data subject, or

(ii)      in a case where it is necessary to make such disclosure for any of those purposes; and

(e)     does not involve keeping the personal data after the relationship between the registered controller and the data subject ends, except for so long as it is necessary to do so for any of those purposes.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

SCHEDULE

2. Accounts and records

Processing that –

(a)     is for any one or more of the following purposes so far as they relate to the conduct of any business or activity carried on by the registered controller –

(i)      keeping accounts,

(ii)      deciding whether to accept any person as a customer or supplier,

(iii)     keeping records of purchases, sales or other transactions in order to ensure that the requisite payments or deliveries are made or services provided by or to the registered controller in respect of those purchases, sales or other transactions,

(iv)     making financial or management forecasts;

(b)     is of personal data in respect of which the data subject is –

(i)      a past, existing or prospective customer, or supplier, of the registered controller, or

(ii)      a person the processing of whose personal data is necessary for any of the purposes referred to in sub-paragraph (a);

(c)     is of personal data (other than personal data processed by or obtained from a credit reference agency) consisting of any one or more of the following in respect of the data subject –

(i)      name,

(ii)      address,

(iii)     other identifiers,

(iv)     information as to financial standing,

(v)     information as to any other matter the processing of which is necessary for any of the purposes referred to in sub-paragraph (a);

(d)     does not involve disclosure of the personal data to a third party otherwise than –

(i)      with the consent of the data subject, or

(ii)      in a case where it is necessary to make the disclosure for any of those purposes; and

(e)     does not involve keeping the personal data after the relationship between the registered controller and the data subject ends, except for so long as it is necessary to do so for any of those purposes.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles

Data Protection (Registration and Charges) (Jersey) Regulations 2018

SCHEDULE

3. Non-profit associations

Processing that –

(a)     is carried out by a registered controller that is a non-profit association (as described in paragraph 10(a) of Schedule 2 to the Data Protection Law);

(b)     is for any one or more of the purposes of establishing or maintaining membership of or support for the non-profit association or providing or administering activities for individuals who are either members of the association or have regular contact with it;

(c)     is of personal data in respect of which the data subject is –

(i)      a past, existing or prospective member of the association,

(ii)      a person who has regular contact with the association in connection with any of the purposes referred to in sub-paragraph (b), or

(iii)     a person the processing of whose personal data is necessary for any of those purposes;

(d)     is of personal data consisting of any one or more of the following in respect of the data subject –

(i)      name,

(ii)      address,

(iii)     other identifiers,

(iv)     information as to eligibility for membership of the association,

(v)     information as to any other matter the processing of which is necessary for any of the purposes referred to in sub-paragraph (b);

(e)     does not involve disclosure of the personal data to a third party other than –

(i)      with the consent of the data subject, or

(ii)      in a case where it is necessary to make the disclosure for any of those purposes; and

(f)      does not involve keeping the personal data after the relationship between the registered controller and data subject ends, except for so long as it is necessary to do so for any of those purposes.

Click on the below headings to view info on GDPR and our guidance notes related to this article or schedule.

GDPR Article GDPR Recital Guidance Notes

There are no associated Articles