The rights and duties set out in the Data Protection (Jersey) Law 2018 (DPJL) are designed to apply generally, but there are some exemptions from, and modifications to, various provisions of the DPJL. These are contained at Part 7 (Arts.40-65) of the DPJL.
If an exemption applies, then (depending on the circumstances) you will be exempt from the requirement:
• to grant subject access to personal data; and/or
• to give privacy notices; and/or
• not to disclose personal data to third parties.
Entitlement to an exemption depends in part on your purpose for processing the personal information in question – for example, there is an exemption from some of the DPJL’s requirements about disclosure and non-disclosure that applies to processing personal information for purposes relating to crime and taxation.
However, you must consider each exemption on a case-by-case basis because the exemptions only permit you to depart from the DPJL’s general requirements to the minimum extent necessary to protect the particular functions or activities the exemptions concern.
This is part of a series of guidance to help organisations fully understand their obligations, as well as to promote good practice. The guidance includes case studies to help readers understand some of the more complex issues.