The Isle of Man had adopted a short Data Protection Act 2018 which gives specific powers to introduce EU data protection provisions as part of Manx law. The provisions have now been implemented with The GDPR and LED (Law Enforcement Directive) Implementing Regulations 2018. The new legislation took effect from 1 August.
The regulations, which follow closely the UK 2018 Data Protection Act, replace the 2002 Data Protection Act. A spokesman for the Isle of Man government told PL&B that there are some modifications, for example excluding some exemptions (immigration, some parts of the anti-doping exemptions) otherwise included in the UK Act.
There are transitional arrangements until 1 February 2019 for registration renewals and until 25 May 2019 in respect of compliance with the new transparency and consent requirements. The Isle of Man Information Commissioner’s Office is currently working on guidance documents on the new law.
The Isle of Man is not a member of the EU but requires sufficiently similar law to the GDPR in order to retain its ‘adequacy decision’ by the EU. The existing adequacy decisions, including that of the Isle of Man, will remain valid until they are amended, replaced or repealed by the EU Commission. A review of the existing decisions is anticipated by 2020.
The law is available at https://www.inforights.im/information-centre/data-protection-law-2018/