Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States' laws implementing other provisions of the Directive are complied with prior to the transfer.

As regards the Bailiwick of Jersey, the legal standards on the protection of personal data largely based on the standards set out in Directive 95/46/EC have been provided for in the Data Protection (Jersey) Law 1987, which entered into force on 11 November 1987 and two ancillary laws, the Data Protection (Amendment) (Jersey) Law 2005, and the Data Protection (Jersey) Law 2005 (Appointed Day) Act 2005.

Secondary legislation has also been adopted under the authority of the Data Protection (Jersey) Law, in 2005, laying down specific rules concerning issues such as subject access, processing of sensitive data and notification to the data protection authority (3).