To hold the General Election of People’s Deputies in October 2020 the States of Guernsey needs to compile an Electoral Roll of registered voters. The information held on the roll is used to administer the election and record who has voted in the election, both in person and by use of a postal vote. The Electoral Roll is a public record and all sections can be inspected upon request during periods specified by legislation at designated locations within the Bailiwick and is routinely available upon request when attending at Sir Charles Frossard House. A copy of the Electoral Roll is also published for inspection during the same period as above at the Douzaine Room or Constables Offices of each parish.
Registration on the Electoral Roll can be either public, or in limited circumstances, anonymous. For those individuals who have been accepted for anonymous registration, their personal details will not be available on the public Electoral Roll.
The general election is administered by the Office of the Committee for Home Affairs under the responsibility of the Registrar-General of Electors. The Registrar-General of Electors is the Data Controller for matters relating to the Electoral Roll.
1. The Data Protection Law
The Registrar-General acknowledges his obligations under the Data Protection (Bailiwick of Guernsey) Law, 2017 (the Law) which provides a number of requirements in terms of processing activities involving personal data. The Registrar-General further acknowledges the general principles of processing as well as the rights of a data subject, and more information in relation to these provisions is provided within this fair processing notice.
2. The Principles of Processing
a. Lawfulness, fairness and transparency
Personal data must be processed lawfully, fairly and in a transparent manner.
The purpose of collecting the data is to discharge the responsibilities of the Committee for Home Affairs and the States Assembly and Constitution Committee in relation to the Electoral Roll and delivery of elections under the provisions of the Reform (Guernsey) Law 1948 as amended. Personal data used for the purposes of the Electoral Roll is collected in one of four ways:
- Through a paper application form available to each household in Guernsey – in these circumstances one member of the household is required to complete the form on behalf of all eligible voters who wish to register. In this way, you may either be the individual providing your data directly or you may be an individual whose data is provided indirectly by that other person in your home.
- Through the on-line application form – you can only register as an individual and therefore your personal data will be collected directly.
- Through the anonymous registration paper application form – a single application is required per applicant and therefore your personal data is collected directly from you.
- Through the prisoner registration paper application form – a single application is required per applicant and therefore your personal data is collected directly from you.
For all methods of registration the following data is collected:
- Date of birth
- Telephone number (optional)
- Email address (optional on hard copy registration form)
Additional information will be required if you are applying for anonymous registration:
- A reference to a relevant Court Order valid at the time of your application.
- A document (attestation) signed by a nominated professional confirming that your safety would be compromised if your details were included on the public Electoral Roll.
Your data is processed in accordance with conditions in Schedule 2 of the Law. The following conditions apply:
- The processing is necessary for the controller to exercise any right or power, or perform or comply with any duty, conferred or imposed on the controller by an enactment.
- The processing is necessary for the exercise or performance by a public authority of a function that is of a public nature, or a task carried out in the public interest.
Personal Data Use and Sharing – Public Electoral Roll Registration
Your personal data will be used and shared as follows:
- By secure means with external data processors to assist in the production of the Electoral Roll for the purposes of the efficient administration of the election.
- With election candidates for the purposes of election campaigning in accordance with the provisions of the Electoral Roll (Availability) Rules, made under the Reform (Guernsey) Law 1948 as amended, and may be used by them to provide you with manifesto materials direct to your address. Each candidate will be required to register as a Data Controller with the Office of the Data Protection Authority before being supplied with any copies of the published Electoral Roll.
- With polling stations to administer the election process by recording the individuals who vote either in person or otherwise to record the use of a postal vote.
- Your name and address will be published in the public Electoral Roll. The published Electoral Roll is made available for inspection by any person during periods specified by legislation at designated locations within the Bailiwick and is routinely available upon request when attending at Sir Charles Frossard House.
- Your address may be shared with businesses to facilitate the distribution of information about each candidate.
- Your name and address will also be used to provide other material about the election process such as voter registration cards or postal voting.
- A full copy of the closed Electoral Roll may be provided to the Island Archive for historical reference purposes.
Your date of birth, telephone and email contact details will be used for administrative purposes only and will not be included on the Published Electoral Roll.
Personal Data Sharing – Anonymous Electoral Roll Registration
Section 34A of the Reform (Guernsey) Law 1948 (as amended) provides for a person to apply to the Registrar-General for their name and address to be omitted from the published Electoral Roll. If the Registrar-General is satisfied that the person, their family or property, would be at risk of harm if their name and address were published then the Registrar-General will grant the application and take all reasonable steps to ensure their name and address are omitted from the published Electoral Roll and the Electoral Roll used at the Polling Stations on voting days.
Your personal data will be used and shared as follows:
- Held in a secure file by the Registrar-General of Electors. You will be allocated with a unique reference number which will appear on the Electoral Roll instead of your name and address.
- To provide you with materials for postal voting if you opt to vote in this way when registering.
If you have registered on the Electoral Roll but have successfully applied to the Registrar-General of Electors to have your name omitted from the Published Electoral Roll, then you will not receive any communication originating from the information held on the Electoral Roll, other than for postal voting and your data will not be shared with election candidates.
b. Purpose limitation
Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected.
The Registrar-General acknowledges his responsibility with regards to this data protection principle and therefore the Registrar-General maintains that he will not further process that personal data in a way which is incompatible to its original reason for processing as specified in section 2a, unless he is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within data protection law).
Personal data processed must be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.
The Registrar-General maintains that he will only process the personal data which is detailed in section 2a, and will not process any further personal data that is not necessary in relation to the original reason for processing personal data as specified in section 2a, unless he is required to do so by law.
Personal data processed must be accurate, kept up-to-date (where applicable) and reasonable steps must be taken to ensure that personal data that is inaccurate is erased or corrected without delay.
The Registrar-General will ensure that all personal data that he holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay in accordance with the provisions of the law or ordinance as applicable.
The published Electoral Roll is made available for inspection by the public at times specified by legislation to provide the opportunity for an individual to review the information held about them and report any inaccuracies to the Registrar-General. Registration cards will be sent to each registered voter detailing their name and address and providing the opportunity for the details to be checked and any errors to be reported to the Registrar- General.
e. Storage limitation
Personal data must not be kept in a form that permits identification of a data subject for any longer than is necessary for the purpose for which it is processed.
Personal data and special category personal data will be retained in electronic format for the lifetime of the Electoral Roll in accordance with the States of Guernsey Records Management Policy and the Committee for Home Affairs (CfHA) Retention and Disposal Schedule.
Electronic data will be retained in the Electoral Roll database until the Electoral Roll is closed by ordinance made under the provisions of the Reform (Guernsey) law 1948 as amended. A hardcopy of the closed Electoral Roll may be submitted to the Island Archive for historical reference.
f. Integrity and confidentiality
Personal data must be processed in a manner that ensures its appropriate security, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal data is held in hard copy and electronic format.
Information Access – access to electronic or paper records is tightly controlled. Employees are vetted in a manner commensurate with the roll that they are expected to undertake. Protocols are followed to ensure that employees only have access to areas and documents as required to undertake their role. Access is monitored and effectively managed. Physical security is monitored and managed.
Information Security – the Registrar-General adopts and implements the information security standards of the States of Guernsey.
The Registrar-General is responsible for, and can demonstrate compliance with the data protection principles.
The contact details of the Registrar-General are as follows:
The Committee for Home Affairs
Tel: 01481 717000 / 01481 717353
Email: [email protected]
The contact details for the Data Protection Officer of the Committee for Home Affairs:
Data Protection Officer, the Committee for Home Affairs
Tel: 01481 717000 / or direct dial 01481 717383
Email: [email protected]
3. Data Subject Rights
a. Right of access
A data subject has the right to be advised as to whether a controller is processing personal data relating to them and, if so, that individual is entitled to one free copy of their personal data (with further copies available at a fee prescribed by the controller). This is known as a Subject Access Request (SAR). Upon receipt of a SAR, the controller has a period of one month to adhere to the request (an extension of two further months can be sought by the controller depending upon the complexity and number of requests submitted by the data subject).
b. Right to data portability
A data subject has the right to data portability, this means that an individual is able to arrange for the transfer of their personal data from one controller to another without hindrance from the first controller. This right can only be utilized where the processing is based on consent or for the performance of a contract. This right cannot be used for processing by a public authority. Where a data subject invokes the right to data portability, the data subject has the right to be given their personal data in a structured, commonly used and machine-readable format suitable for transmission from one controller to another. Upon the request of a data subject, the controller must transmit their personal data directly to another controller unless it is technically unfeasible to do so.
c. Exception to right of portability or access involving disclosure of another individual’s personal data
A controller is not obliged to comply with a data subject’s request under the right of access or right to data portability where the controller cannot comply with the request without disclosing information relating to another individual who is identified or identifiable from that information.
d. Right to object to processing
A data subject has the right to object to a controller’s activities relating to the processing of personal data for direct marketing purposes, on grounds of public interest and for historical or scientific purposes.
e. Right to rectification
A data subject has the right to require a controller to complete any incomplete personal data and to rectify or change any inaccurate personal data.
f. Right to erasure
A data subject has the right to submit a written request to a controller regarding the erasure of the data subject’s personal data in certain circumstances. These include where:
- The personal data is no longer required in relation to its original purpose for collection by the controller;
- The lawfulness of processing is based on consent and the data subject has withdrawn their consent;
- The data subject objects to the processing and the controller is required to cease the processing activity;
- The personal data has been unlawfully processed;
- The personal data must be erased in order to comply with any duty imposed by law; or
- The personal data was collected in the context of an offer from an information society service directly to a child under 13 years of age.
g. Right to restriction of processing
A data subject has the right to request, in writing, the restriction of processing activities which relate to the data subject’s personal data. This right can be exercised where:
- The accuracy or completeness of the personal data is disputed by the data subject who wishes to obtain restriction of processing for a period in order for the controller to verify the accuracy or completeness;
- The processing is unlawful but the data subject wishes to obtain restriction of processing as opposed to erasure;
- The controller no longer requires the personal data, however the data subject requires the personal data in connection with any legal proceedings; or
- The data subject has objected to processing but the controller has not ceased processing operations pending determination as to whether public interest outweighs the significant interests of the data subject.
h. Right to be notified of rectification, erasure and restrictions
Where any rectification, erasure or restriction of personal data has been carried out, the data subject has a right to ensure that the controller notifies any other person to which the personal data has been disclosed about the rectification, erasure or restriction of processing. The controller must also notify the data subject of the identity and contact details of the other person if the data subject requests this information.
i. Right not to be subject to decisions based on automated processing
A data subject has the right not to be subjected to automated decision making without human intervention
To exercise these data subject rights, please contact either the data protection officer or the controller (as per the contact details provided in 2g).
j. Right to make a complaint
An individual may make a complaint in writing to the Supervisory Authority (the Office of the Data Protection Commissioner) if the individual considers that a controller or processor has breached, or is likely to breach, an operative provision of the data protection law, and the breach involves affects or is likely to affect any personal data relating to the individual or any data subject right of the individual (as listed above).
k. Complainant may appeal failure to investigate or progress and may appeal determinations
An individual may appeal to the Court where:
- The Supervisory Authority has failed to give the complainant written notice that the complaint is or is not being investigated within two months of receiving the complaint;
- The Supervisory Authority has failed to provide written notice of the progress and, where applicable, the outcome of the investigation at least once within three months of providing notice of the beginning of an investigation; or
- Where the individual seeks to appeal against a determination of the Supervisory Authority.