Dr. Jay Fedorak spoke to an oversubscribed Jersey Data Protection Association event on the 26th November. The Information Commissioner opened with a brief overview of recent changes in the Office of the Information Commissioner. He detailed the growth in the number of staff and organisational structure, as the team develop to meet new challenges. He drew attention to the impending transition to greater financial and governance independence from the States of Jersey.
Dr. Fedorak highlighted that most of the office’s workload since the change in law in May 2018 has been complaints regarding the improper ‘disclosure’ of data as opposed to concerns with data collection. The team’s work load has trebled between May to October 2018 as compared to the same period in 2017.
The Information Commissioner walked attendees through the top level elements of a good ‘Data Protection Programme’;
- Data Protection Officer
- Know your personal data – create an inventory
- Appropriate Data Protection policies and protocols, to include Subject Access Requests and reporting breaches
- Training & awareness
- Periodic reviews and audits
- Executive buy-in
Dr Fedorak spent a few moments reinforcing the importance and power of the periodic review, whether it is a spot audit or more in-depth, the review identifies any deficiencies in your organisation’s Data Protection programme. An essential part of the policy is the executive buy-in and Dr. Fedorak offered to help anyone who believes that they are not getting executive support and commitment, he will happily speak to any organisation to detail how and why this is so critical.
Our goal is to provide the people of Jersey with the highest standard of data protection, while also preserving their economic interests.