UK GVT IOM Data Protection Adequacy

Published on: Feb 3, 2025

On Jan. 30, UK GVT issued rules relating to transfer of personal data.

  • UK GVT published The data protection (law enforcement) (adequacy) (Isle of Man) regulations 2025 (StIn 2025/89), which were made on Jan. 27, 2025.
  • Allows UK competent authorities to transfer personal data freely and with confidence to the Isle of Man, without needing to rely on any other transfer mechanism.
  • Follows UK GVT progressing IOM law enforcement data assessments, see #178537.
  • Purpose
  • These regs have been made because the Secretary of State, following assessment by Home Office officials, considers that the IOM ensures an adequate level of protection of personal data, taking into account the elements set out in s. 74A(4) of the 2018 Act.
  • Competent authorities in UK can rely on the regs to transfer personal data freely, without further safeguards such as those set out in ss 75, 76 of 2018 Act to authorities in the IOM that are subject to Data protection (application of the LED) order 2018.
  • The conditions in section 73 of the 2018 Act would still apply, as will the general data protection principles set out in chapter 1 of the 2018 Act.
  • Effectiveness
  • The regulations come into force on Feb. 20, 2025.
Regulators
UK GVT
Entity Types
CNSM; Corp
Reference
StIn 2025/89, 1/30/2025; DPA 2018 (UK); GDPR Reg 2016/679; Citation: StIn 2025/89;
Functions
Compliance; Financial; Legal; Operations; Privacy; Record Retention; Treasury
Countries
Isle of Man; United Kingdom; Cross-Border
Category
State
N/A
Products
Corporate
Rule Type
Final
Regions
EMEA
Rule Date
Jan 30, 2025
Effective Date
Feb 20, 2025
Rule ID
242111
Linked to
Reg. Last Update
Jan 30, 2025
Report Section
UK