Introduction of a new Data Protection Bill (GDPR)

Closed 5 Mar 2018

Opened 23 Jan 2018

Feedback updated 26 Jun 2018

We asked

The Cabinet Office asked for feedback on proposed changes to the Isle of Man’s new data protection framework between 23 January and 5 March 2018. The proposed enabling Data Protection Bill, with secondary legislation comprising draft Orders implementing the GDPR and the LED, and implementing regulations were published with the consultation, along with a number of questions on various areas of fundamental policy.

You said

The consultation attracted over 50 responses in total, from a number of categories of respondent, including businesses, industry associations, local authorities and individuals, in addition to Government Departments and other associations. The majority of responses supported the specific questions set out, and set out further comments on diverse areas from drafting and typographical issues, areas requiring clarification or further regulation, or specific issues such as modifications and exemptions.

We did

After the recent consultation and feedback on the Island’s move towards full GDPR compliance, it’s important that you are kept up to date with all the latest developments and the likely legislative timetable.

Results updated 26 Jun 2018

The Cabinet Office received 57 responses to the consultation (32 organisations and 25 individuals responded).

  • 18 gave permission to publish their response in full
  • 26 gave permission to publish anonymously
  • 13 did not give consent to publish on the consultation hub

Clear themes emerging from the consultation responses include:

  • openness and transparency
  • need for guidance and good practice information
  • concerns around divergence from UK position
  • ensuring that sanctions / fines etc. are enforceable

The revised Orders and Implementing Regulations as amended are due to be laid before Tynwald at its May sitting.

GDPR Legislative Update

After the recent consultation and feedback on the Island’s move towards full GDPR compliance, it’s important that you are kept up to date with all the latest developments and the likely legislative timetable.

First of all, we can reaffirm the Island’s firm commitment to GDPR and to ensuring that we give increased protection to people and their personal data. The consultation process and the valuable discussions on the back of that have clearly demonstrated that there is clear agreement on this.

Royal Assent for the Data Protection Bill was received at the May sitting of Tynwald and the new Data Protection Act 2018 has been in force since 16 May 2018, together with the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018. These Orders apply both the GDPR and the LED into Manx domestic law, but will require to be implemented by Manx regulations. The GDPR and LED Implementing Regulations 2018 are due to be laid before Tynwald again in July, so although the approach remains unaltered, there is a slight delay to the implementation of these regulations.  Subject to approval, the GDPR and LED Implementing Regulations 2018 are to come into force on 1 August 2018.

In the interim period, controllers will remain subject to the provisions of the Data Protection Act 2002, including the requirement to register and renew that registration with the Information Commissioner.  That Act will only be repealed when the GDPR and LED Implementing Regulations 2018 come into force, and in the meantime data subjects can continue to exercise their rights under the current Act. The GDPR is automatically law in Member States and as such controllers and processors that deal with EU citizens and process their personal data wholly or partly by automated means will need to comply with the GDPR.

By taking this approach we can ensure that we have a measured, fair and proportionate GDPR framework for the Island. This will also ensure that we give businesses and organisations time to get ready for the new regulations. We remain committed to development of further regulation to consider trust law and other exemptions, and further regulatory and enforcement matters that develop as we continue on the journey to implement this new regime.  

Once again, we appreciate the thoughtful and measured feedback we received throughout the consultation. As a result we will have legislation which gives protection for our personal data, whilst committing to remaining in step with international standards.



Published responses

View submitted responses where consent has been given to publish the response.


In the Programme for Government, the Council of Ministers committed to ensuring that the Island’s legislative position is equivalent to the EU General Data Protection Regulation (GDPR) by May 2018. 

The Isle of Man Government’s proposed approach is the introduction of a short Data Protection Bill giving specific powers to apply EU data protection instruments as part of Manx law (with any necessary modifications) by Order approved by Tynwald and then implemented with Manx Regulations.

Why your views matter

We seek views from everyone, but it is addressed in particular to organisations from the private, public and third sector which process, or are likely to process personal data. 

The Cabinet Office invites views on the proposed Orders and Regulations.

What happens next

The Council of Ministers intends to introduce the draft Bill to the Keys on 6 February 2018.


  • All Areas


  • Elected members - MHKs
  • Elected members - local government
  • Tenants
  • Landlords
  • Employees
  • Older people
  • Homeowners
  • Self-employed
  • Students
  • Retired
  • Children & young people
  • Volunteers
  • Unemployed
  • Parents, carers and & guardians
  • People with disabilities or long term illness
  • Leaseholders/ landowners
  • Lesbian, gay, transgender & bisexual
  • Civil and public servants
  • Black & minority ethnic
  • Business owner
  • Road users
  • Visitors & tourists
  • Other non-resident - business interests


  • Legislation
  • Technology