The Jersey Office of the Information Commissioner (JOIC) are changing their fee structure from 1 January 2020.
The move sees the JOIC following instruction from the Government of Jersey, as part of a transition to greater independence. The new fee regulation was approved at a meeting of the States Assembly on 10 December 2019.
From 1 January 2020, organisations in the Island that process personal information will be legally obliged to adhere to registration requirements and the new funding structure (subject to exemptions).
The new fee structure, which has been formed following consultation with industry, is based on processing ‘risk’. To assess the appropriate fee, the following has been considered; the size of the organisation, the local annual financial turnover of the organisation, whether the organisation is subject to the Proceeds of Crime (Jersey) Law 1999 and if the organisation processes special category data.
Deputy Information Commissioner, Paul Vane says ‘As per the spirit of the General Data Protection Regulation, we have abolished the indiscriminate general registration requirements and replaced them with a registration and in particular a fee regime that reflects risk to the rights and freedoms of individuals based on the nature of each organisation and the volume of processing activity.
The previous registration and fee process made no distinction between a sole trader business that processes non-sensitive, very basic personal data, such as a small shop with CCTV in operation, and a large multi-national corporation that processes large amounts of special category personal data, such as a large banking organisation. This regime has long been considered as unfair and overly burdensome.
The new fee structure will ensure the JOIC is better positioned to provide the highest levels of data protection for the people of Jersey and support the Island’s reputation as a well-regulated jurisdiction. It will see a significant increase in guidance, resources and support for Island organisations and individuals. It also includes a new online registration process that will reduce the administrative burden of registration, by making it simpler, easier to understand and less time consuming.’
The new structure only permits for registration renewals in January of each year to cover personal information processing during that calendar year. Payments, if applicable, are due by the end of February, that same year.
- Any registrations due to expire up until the end of December 2019 must be renewed as normal under the current system before the end of December 2019 to ensure ongoing compliance as per the Data Protection (Jersey) Law 2018.
- In addition, data controllers and processors MUST renew all registrations again in January 2020 to comply with the new registration requirements. Annual registrations will run January to December each year.
- Please note that a pro-rata credit will be applied where relevant to the renewals in January 2020 to reflect the adjustment in registration timings.
- Please note that going forward, all registrations will expire at the end of December each calendar year.
Please note that the new registration and fee structure will not be available until 1 January 2020.
JOIC will be issuing additional guidance and links to help navigate the new, simpler process later in December.
The JOIC team will be holding workshops to provide registration guidance and support on:
Wednesday 08 January 2020 – 10:00 - 10:30
Wednesday 08 January 2020 – 14:00 - 14:30
Wednesday 15 January 2020 – 10:00 - 10:30
Wednesday 15 January 2020 – 14:00 - 14:30
All JOIC events are listed online at www.jerseyoic.org/events
Please note that the existing process will remain in place until 1st January 2020.