Treasury and Resources
Ministerial Decision Report
Contingency funding of £350,000 to the Office of the Data Protection Commissioner for implementation costs arising from the new General Data Protection Regulation
- Purpose of Report
To approve a non-recurring transfer of up to £350,000 in 2018 from Central Contingencies to the Office of the Data Protection Commissioner revenue head of expenditure in respect of implementation costs arising from the new General Data Protection Regulation.
- Background
The current data protection regime in Jersey received an ‘adequacy’ decision from the EU Commission in 2008, meaning that the Data Protection (Jersey) Law 2005 is judged to provide an essentially equivalent level of protection as the European Union’s (‘EU’), and that data may therefore flow freely to and from the Island and EU member states.
The Government of Jersey has committed to renewing the ‘adequacy’ decision under a new European data protection regime. It has undertaken to meet the requirements of the EU General Data Protection Regulation (‘the GDPR’) and EU Law Enforcement Directive on the protection of personal information processed for the purposes of policing and public protection (the ‘Directive’).
The Data Protection Authority (Jersey) Law 201- creates a new data protection authority that will be fit for purpose to regulate the new data protection regime. (In parallel, the Data Protection (Jersey) Law 201- has been lodged to ensure continued adequacy. It bolsters the rights of the individual in relation to their personal data in the same areas as the GDPR and the Directive).
The new Data Protection Authority (the ‘Authority’), constituted under the Data Protection Authority (Jersey) Law 201-, has an expanded role to properly regulate the Data Protection (Jersey) Law 201-
The Authority will be required to adopt a more proactive approach and to employ a wider and more robust range of regulatory powers and sanctions, with less emphasis placed on the role of courts to resolve disputes. This will place a considerably greater burden on the Authority and it is essential to provide it with additional resources commensurate with that burden, to allow it to carry out its new duties.
A revenue model has been proposed that will both meet the requirements of the new legislation in respect of industry registration fees and provide increased revenue that will help enable the office to implement and enforce that legislation, and its increased function.
There will be a transitional period during which time the Authority will roll out the operating and fees model and begin to levy increased revenue. Additional funding has been approved to support these implementation costs and to meet the Authority’s increased running costs during the transitional period.
An additional £350,000 is required to support one-off implementation work.
3. Recommendation
The Minister for Treasury and Resources is recommended to approve a non-recurring transfer of up to £350,000 in 2018 from Central Contingencies to the Office of the Data Protection Commissioner revenue head of expenditure.
4. Reason for Decision
Article 17(2) of the Public Finances (Jersey) Law 2005 states that the Minister for Treasury and Resources is authorised to approve the transfer from contingency expenditure to heads of expenditure of amounts not exceeding, in total, the amount available for contingency expenditure in a financial year.
The current Contingency Allocation Policy (published as R.110/2017) sets the requirement for all allocations from Contingency over £100,000 to be considered by the Council of Ministers prior to submission to the Minister for approval.
At its meeting on 8th November 2017 the Council of Ministers recognised the importance of this legislation and endorsed the Draft Data Protection (Jersey) Law 201- and the draft Data Protection Authority (Jersey) Law 201-. On 24th November 2017 the CoM were requested to approve additional transitional running and implementation costs.
P.117/2017 Draft Data Protection Authority (Jersey) Law 201- was agreed by the States at its sitting on 16th January 2018.
The Office of the Information Commissioner (“OIC”) will be asked to prepare a mini-business case detailing the funds required, how they will be utilised and the outcomes that will be delivered. The Office of the Data Protection Commissioner will then be able to draw down up to the amounts set out in this decision once the Chief Minister’s Department and the Treasurer of the States have been provided with evidence that expenditure has been incurred or needs to be committed. Those drawdowns will then be effected by documented decision of the Treasurer.
5. Resource Implications
The Office of the Data Protection Commissioner revenue head of expenditure will increase by up to £350,000 in 2018 and Central Contingencies will decrease by an identical amount.
This decision does not change the total amount of expenditure approved by the States for 2017-2019 in the Medium Term Financial Plan.
Report author : Head of Decision Support | Document date 15th January 2018 |
Quality Assurance / Review : Director of Financial Planning and Performance | File name and path: L:\Treasury\Sections\Corporate Finance\Ministerial Decisions\DS, WR and SD\2018-0011 - C22 Contingency funding to OIC for Data protection Authority £350k |
MD Sponsor: Director of Financial Planning and Performance |