Regulation 9(4) of the Implementing Regulations requires "every controller and processor to which the applied GDPR applies to comply with the registration requirements in Schedule 7".  This is regardless of whether the processing of personal data takes place in the Island or not.


Controllers and processors commit an offence if they contravene:

These offences carry fines of up to £10,000.  In addition, directors, etc. may also be personally liable for offences, by virtue of regulation 143 of the Implementing Regulations.