Data Protection on the Isle of Man

This webpage is intended as a guide, and should not be construed as legal advice or an authoritative statement of the law.

Organisations and individuals should take independent advice.

Please visit www.inforights.im (Isle of Man Information Commissioner) for more information about Isle of Man data protection legislation and to make contact.

What is GDPR?

GDPR stands for General Data Protection Regulation. This is a European Union (EU) law.

The GDPR sets out the rights of the individual and establishes the obligations of those processing and those responsible for controlling and holding data. It also establishes the methods for ensuring compliance as well as the scope of sanctions and penalties for those in breach of the rules.

Key parts of the GDPR include a widened definition of personal data, new obligations for processors as well as boosted rights for individuals.

The Isle of Man has implemented the GDPR into its law so that it can continue to do business with EU countries.

The GDPR has been implemented in the Isle of Man using an Order made under a new Data Protection Act 2018 which enables the Isle of Man to bring in EU laws relating to data protection. New data protection provisions are in a set of regulations which set out all the data protection procedures and powers of the Information Commissioner, called the GDPR and LED Implementing Regulations 2018.

These provisions were previously in the Data Protection Act 2002.

GDPR sits alongside the EU's Law Enforcement Directive (LED), which contains similar provisions for organisations processing data for crime prevention, investigation and law enforcement.

Please visit www.inforights.im (Isle of Man Information Commissioner) for more information about Isle of Man data protection legislation and to make contact.