(8)
Secondary legislation has also been adopted under the authority of the Data Protection (Jersey) Law, in 2005, laying down specific rules concerning issues such as subject access, processing of sensitive data and notification to the data protection authority (3).
(9)
The legal standards applicable in Jersey cover all the basic principles necessary for an adequate level of protection for natural persons. The application of these standards is guaranteed by judicial remedy and by independent supervision carried out by the authority, the Data Protection Commissioner, who is invested with powers of investigation and intervention.
(a)
where a competent Jersey authority has determined that the recipient is in breach of the applicable standards of protection; or
(b)
where there is a substantial likelihood that the standards of protection are being infringed, there are reasonable grounds for believing that the competent Jersey authority is not taking or will not take adequate and timely steps to settle the case at issue, the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the party responsible for processing established in Jersey with notice and an opportunity to respond.
2. The suspension shall cease as soon as the standards of protection are assured and the competent authority of the Member States concerned is notified thereof.
3. If the information collected under Article 3 and under paragraphs 1 and 2 of this Article provides evidence that any body responsible for ensuring compliance with the standards of protection in Jersey is not effectively fulfilling its role, the Commission shall inform the competent Jersey authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
