Newsletter

Jersey Consumer Council

Monthly Archives: April 2018

GDPR – What is it all about?

April 23, 2018 Consumer Skills, Top tips No Comments

General Data Protection Regulations will drastically change the way businesses can collect, store and protect the personal information of their customers, clients, and even visitors to a website.

GDPR defines personal data as anything that can be used to directly or indirectly identify the person. Names, photos, email addresses, bank details, posts on social networking websites, medical information or IP addresses.

It is a Europe-wide set of data protection laws designed to harmonise data privacy practice across Europe. The emphasis is on protecting citizens and their data, and giving users more information about and control over how it’s used. The new regulations will come into force by May 2018.

It should be noted that whilst aspects of the GDPR are new, many of the requirements build upon the existing Data Protection legislative framework.

This means it will cover all of our personal information collected and used by businesses.

CONSUMER ESSENTIALS before you give YOUR information look for the PRIVACY NOTICE – businesses must be able to tell you about why and how they intend to use your information.   Plus, you will be expected to CONSENT to the use of your information. In terms of consent, consent is one of a number of lawful bases for processing and it may be that organisations do not always need consent to process consumer’s data. In cases where they rely on consent, then that consent will need to be a positive, affirmative and unambiguous action confirming consent on the part of the consumer.

The law gives all of us INDIVIDUAL RIGHTS in relation to our personal information and these are detailed below.

Businesses failing to look after our personal information according to the law face a tougher ENFORCEMENT approach by the Data Protection Authority. See below.

Privacy Notices

Empowering individuals by being transparent and clear about how their data are going to be processed, and by whom, is a key element of compliance with the GDPR.   At every point at which personal data are collected, whether that is from your clients, staff or others, review how you intend to provide the following at the time of collection:

  • Purpose of and legal basis for processing;
  • Recipients of the data;
  • Any third countries data are transferred to and safeguards in place;
  • Data retention periods;
  • The existence of individual’s rights;
  • Right to withdraw consent where provided;
  • Data Protection Officer’s contact details;
  • Whether data provision has statutory or contractual basis;
  • Details where the legitimate interest condition has been relied upon

Consent

The GDPR considers consent an important part of ensuring individuals have control and an understanding of how their data are to be processed.

  • Consent must be:
    • Freely given
    • Specific
    • Informed
    • Unambiguous
  • There has to be a positive indication of agreement.
  • Consent as a basis for processing gives individuals stronger rights.
  • Data controllers must be able to evidence consent was given.
  • Parental consent to process children’s† data on the internet. With regards to children’s consent, this is only required for ‘information society services’ (i.e. paid for internet services) and our law says parental consent is required for a child under 13 years, unless the data has been pseudonymised i.e. meaning that for example a name is replaced with a unique number to render the data record less identifying.

 the legal definition of a child will be determined at the law drafting stage with the upper age limit required to be within the range of 13-16 years

Individual’s Rights

Individual’s rights are enhanced and extended in a number of important areas. They include:

  • A right of access to data (Subject Access);
  • A right for the correction of data where inaccuracies have been identified;
  • A right to require the erasure of personal data, in certain circumstances (often referred to as the ‘right to be forgotten’);
  • A right to prevent direct marketing;
  • Control over automated decision making & profiling;
  • A right to data portability between controllers

Penalties and Data Breaches

The GDPR provides for a tougher enforcement approach by the Data Protection Authority including the ability to impose significant fines.

  • Data breaches must be reported to Data Protection Authority within 72 hours of discovery
  • Individuals impacted should be told where there exists a high risk to their rights and freedoms e.g. identity theft, personal safety
  • Fines can be issued up to €10 million under the Jersey Law
  • Data Protection Authority can issue reprimands, warnings and bans as well as fines.

For more information please see;

https://oicjersey.org/data-protection-new-law/

https://thinkgdpr.org/overview/


Number Portability

April 10, 2018 Telecommunications No Comments

2018 marks 10 years since mobile number portability was introduced in the Channel Islands. It means that both Pay As You Go and Pay Monthly customers choosing to move between operators (Sure, JT and Airtel) can keep the exact same telephone number, including the prefix (e.g. 07797). It’s incredibly easy to do, there’s no loss of service and it’s totally free of charge. Plus, unlike in the UK, you don’t need to contact the operator you are leaving or give any notice period (provided you are outside of the term of your initial contract which is usually 12 or 24 months).

Thousands of customers in the Channel Islands move between operators each year, and the majority keep their number when they do. Both CICRA and the JCC have recommended customers shop around and local providers fully support this, whether you are looking to move for superior customer service, a better network experience or simply because you can save money with a new deal.

To take advantage of the competitive telecoms environment we have locally, simply visit your new operator and they will do it all for you.

Visit http://jerseytelcowatch.com to compare prices.

Check with your existing provider if you are in or out of contract.  There may be early termination fees to pay if you are still in a contract. If the account is in debt, barred or suspended, the port is not possible.

Can I change landline operator and keep my number?

The answer in simple terms is yes & no.

Two providers in Jersey offer traditional landline services using Wholesale Line Rental (WLR) and thus, if you are switching between Sure & JT, for example, you can keep your landline number. This is because the underlying wholesale product with the number ‘attached’ is still being provided by JT in Jersey, however the retail service being offered by the alternative operator may be different. Again, you will need to check the status of your existing contract.

For other local operators, not offering services based on the same underlying wholesale product this portability is not yet possible. However, it is still under consideration by Channel Islands Competition Regulator.