Draft:Jersey Data Protection Authority

The Jersey Data Protection Authority (JDPA) is the data protection regulatory authority for Jersey, a British Crown Dependency located in the English Channel.

It responsible for overseeing the Data Protection (Jersey) Law 2018. and the Freedom of Information (Jersey) Law 2011.

It comprises the Jersey Data Protection Authority and the Jersey Office of the Information Commissioner (JOIC).

Legal framework
In 2005 the Data Protection (Jersey) Law was enacted, and this was updated in 2018 to reflect the requirements of the European Union's General Data Protection Regulation. Jersey was recognised as having equivalent data protection protections to the EU in 2008, and has maintained equivalency with the EU ever since.

in 2011 Jersey introduced the Freedom of Information (Jersey) Law, which gave the public a legal right to request information held by certain public authorities for the first time.

Powers
Under the legislation, the Data Protection Authority has a broad range of powers, including:


 * Powers of investigation and inquiry;
 * Powers of determination; and
 * Powers to apply sanctions, including issuing a reprimand, a warning, an order to remediate any areas of non-compliance, or a fine.

The Authority has the power to issue an administrative fine of up to £300,000 or 10% of turnover, although this power has not yet been used.

Leadership
The Data Protection (Jersey) Law 2005 first established the role of Data Protection Registrar, to be appointed by the States Assembly. Following a period of joint data protection regulation with the Bailiwick of Guernsey, the Data Protection Authority (Jersey) Law 2018 was passed establishing the current role of Information Commissioner. The Freedom of Information (Jersey) Law 2011 separately establishes an Information Commissioner, a role which is held by the same person.

Jacob Kohnstamm was appointed Chair of the Jersey Data Protection Authority effective 25 May 2018.

Paul Vane was appointed Information Commissioner on 2 July 2011, following the departure of Dr Jay Fedorak who had held the role since 2018. Mr Vane had previously served as Acting Information Commissioner following the resignation of Emma Martins, who had served in the role since her appointment as Jersey's initial Data Protection Registrar in 2005