Updated 12 July 2019
Words you may need to know
Information Commissioner - this is the person who has responsibility for Freedom of Information ( FOI) and Data Protection ( DP) in the islands. (Jersey and Guernsey)
Complied with - to obey something
Unsolicited - unasked for
Unauthorised disclosure - giving out information without the consent of the person concerned
Constraints - something that limits actions
Processing - a series of actions with an aim in mind
CCTV - Close Circuit television . A video recording of people / places. A way of recording what is happening with the recording being on a tape or device.
Independent - free from control
Jersey Office of the Information Commissioner
The Commission website includes information about:
- the work of the Commission
- online notifications and enquiry forms
- guidance notes
- ‘GDPR’ – General Data Protection Regulation
- Annual reports, Policy statements etc.
Data Protection (Jersey) Law 2018
If you have problems with Data Protection or Freedom of Information you can contact the Office of the Information Commissioner.
The new law covers manual/ paper records, as well as electronically processed, personal information such as that held on computers or other devices.
Who holds data or information
Many businesses hold information about you and under the law you may have a right to see it and have any incorrect information corrected. The person in a company with responsibility for making sure that the law is complied with is called the Data Controller. The information or data usually belongs to the company.
Requesting information about yourself- Subject Access Request
You have the right to find out if an organisation is using or storing your personal information. This is called the right of access. You exercise this right by asking for a copy of the information, which is commonly known as making a ‘subject access request’.
Article 27 of the Data Protection (Jersey) Law 2018 provides for the requests by individuals to access their personal information. For more information on the right to access your personal information, see Right to Access Personal Information
Right to Access Template letter
[Your full address]
[Your phone number]
[Your email address]
[Data Protection Officer / Data Protection Lead]
[Name of the organisation]
[Address of the organisation]
[Reference number (if applicable)]
Dear [Sir or Madam/name of the person you have been in contact with]
Subject access request
[Your full name and address (if different from above) and any other details such as account number to help identify you and the data you want.]
Please supply the data about me that I am entitled to under [select between Article 28 for general or Article 29 specifically for health records] of the Data Protection (Jersey) Law 2018 relating to: [give specific details of the data you want, for example:
- my personnel file
- emails between ‘person A’ and ‘person B’ (from 1 June 2017 to 1 Sept 2017)
- my medical records (between 2014 and 2017) held by ‘Dr C’ at ‘hospital D’
- CCTV camera situated at (‘location E’) on 23 May 2017 between 11am and 5pm
- copies of statements (between 2013 and 2017) held in account number xxxxx.]
If you require a form of identity verification, please let me know as soon as possible. It may be helpful for you to know that the data protection law requires you to respond to a request for data within 4 weeks. If you cannot respond within this timescale, please tell me when you will be able to respond.
If you need advice on dealing with this request, the Jersey Office of the Information Commissioner (JOIC) can assist you. There is guidance on the website at www.jerseyoic.org or you can call them on 01534 716530.
Yours faithfully / sincerely,
[Your full name]
Complaints under the Data Protection Law
You have a right to raise a complaint with the Jersey Office of the Information Commissioner, see Making a Complaint
CCTV Code of Practice
The Data Protection (Jersey) Law 2018 controls the processing of CCTV images of individuals. There is a Code of Practice for CCTV use at :