What is GDPR?
GDPR (General Data Protection Regulation) sets out the rights of the individual and establishes the obligations of those processing and those responsible for controlling and holding data. It also establishes the methods for ensuring compliance as well as the scope of sanctions and penalties for those in breach of the rules.
Key parts of the GDPR include a widened definition of personal data, new obligations for processors as well as boosted rights for individuals.
The Isle of Man has implemented the GDPR into its law so that it can continue to do business with EU countries.
The GDPR has been implemented in the Isle of Man using an order made under a new Data Protection Act 2018 which enables the Isle of Man to bring in EU laws relating to data protection. New data protection provisions are in a set of regulations which set out all the data protection procedures and powers of the Information Commissioner, called the GDPR and LED Implementing Regulations 2018.
These provisions were previously in the Data Protection Act 2002.
GDPR sits alongside the EU's Law Enforcement Directive (LED), which contains similar provisions for organisations processing data for crime prevention, investigation and law enforcement.