DPJL

Data Protection (Jersey) Law 2018

Flag of JE
JerseyOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
May 25, 2018
Enacted
January 1, 2018
Enforcing Authority
Jersey Office of the Information Commissioner (JOIC)
Consent Model
Opt-in
Applies To
Organizations processing personal data in Jersey

Overview

Jersey's Data Protection (Jersey) Law 2018 provides a full GDPR-equivalent data protection regime for this UK Crown Dependency. Both EU and UK adequacy decisions are in force, making Jersey one of the longest-standing adequacy relationships with the EU.

What This Means for Your Website

  • GDPR-equivalent consent requirements apply for Jersey visitors
  • Full data subject rights are provided
  • Mandatory breach notification requirements apply
  • The JOIC provides independent oversight

Key Requirements

The JOIC enforces the DPJL with GDPR-equivalent penalty tiers. Both EU and UK adequacy decisions are in force, facilitating data transfers. The law provides comprehensive GDPR-aligned requirements including mandatory breach notification and full data subject rights.

How ConsentStack Handles This

ConsentStack applies GDPR-compliant consent standards for Jersey visitors, meeting the DPJL's requirements.

Penalties

GDPR-equivalent tiers.

Revenue-based
4% of annual revenue

Key Requirements

  • GDPR-equivalent consent and processing rules
  • Full data subject rights
  • Mandatory breach notification
  • Independent Information Commissioner

Notable Provisions

  • EU and UK adequacy decisions both in force
  • One of longest-standing EU adequacy relationships
  • Full GDPR-equivalent regime

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Does Jersey follow GDPR?

Yes. Jersey's DPJL provides a full GDPR-equivalent data protection regime with GDPR-equivalent penalty tiers.

Does Jersey have EU adequacy?

Yes. Both EU and UK adequacy decisions are in force for Jersey — one of the longest-standing adequacy relationships with the EU.

Who enforces data protection in Jersey?

The Jersey Office of the Information Commissioner (JOIC) provides independent oversight and enforcement.

Stay compliant with DPJL

ConsentStack helps you implement Opt-in consent for Jersey automatically.

Get started free