Jersey’s Data [JOIC] Audit Programme Enters Phase Two

The Jersey Office of the Information Commissioner (JOIC) is continuing its programme of data protection audits to raise awareness of the benefits to business of good data protection, improve respect for personal information and ensure organisations across Jersey are compliant with the Data Protection (Jersey) Law 2018.

The programme, which began in November 2020, forms part of the JOIC’s Regulatory Action and Enforcement Policy.

The programmes key features are:

• The programme, forms part of the JOIC’s regulatory action and enforcement policy.
• The goals of these audits are to assist businesses to discover the strengths and weaknesses in their data protection management programmes.
• They will identify gaps in security to decrease the risk of personal data breaches and act like a dose of preventative data protection healthcare.
• They will not involve naming and shaming.
• The results of the audits will be available only to the businesses themselves for their benefit.
• However, JOIC may make public generic findings from the audits in unidentifiable form.

Businesses involved in the audits will not be named at any stage and the results of the audits will be available only to the businesses themselves, for their benefit.

At the start of phase 2 - JOIC’s Compliance and Enforcement Manager Adrian Hayes explained:

• The objective of our data protection audit programme is to reach out to data controllers and processors at the heart of their operations.
• We aim to discover their needs in protecting the personal information of individuals and to identify how we can help them to comply with data protection law.
• This programme will assist us in developing positive working relationships with Island organisations to meet our common goal of ensuring Jersey remains a safe place to do business and store data.”

At the start of phase 2 - JOIC Compliance and Enforcement Manager Adrian Hayes said:

• “The first phase of our Data Protection Audit Programme, which took place during November last year, was extremely successful.
• Our office experienced positive engagement and constructive dialogue with all involved, resulting in greater awareness about the importance of data protection.
• The objective of our programme is to reach out to data controllers and processors at the heart of their operations.
• We aim to discover their needs in protecting the personal information of individuals and to identify how we can help them to comply with data protection law.

The challenging times Islanders have faced in the past 18 months due to the Covid-19 pandemic have only reinforced the importance of personal information rights and the Data Protection (Jersey) Law 2018.

This second phase will continue to assist our office in developing positive working relationships with Island organisations to meet our common goal - ensuring Jersey remains a safe place to do business and store data.”

https://jerseyoic.org/news-articles/news/joic-data-protection-audit-programme-enters-phase-two/