![]() (5) A data controller shall destroy or delete a record of personal data or de-identify the record at the expiry of the retention period. (b) where there is no law or code of conduct that provides for the retention period, retain the record for a period which will afford the data subject an opportunity to request access to the record. (a) retain the record for a period required or prescribed by law or a code of conduct, or (4) A person who uses a record of the personal data of a data subject to make a decision about the data subject shall (3) A person who retains records for historical, statistical or research purposes shall ensure that the records that contain the personal data are adequately protected against access or use for unauthorised purposes. (2) Subsection (1) does not apply to records of personal data retained for (d) the data subject consents to the retention of the record. (c) retention of the record is required by virtue of a contract between the parties to the contract, or (b) the retention of the record is reasonably necessary for a lawful purpose related to a function or activity, (a) the retention of the record is required or authorised by law, (1) Subject to subsections (2) and (3), a data controller who records personal data shall not retain the personal data for a period longer than is necessary to achieve the purpose for which the data was collected and processed unless (g) compliance is not reasonably practicable. (f) compliance would prejudice a lawful purpose for the collection or (vi) for the protection of the interests of a responsible or third party to whom the information is supplied (v) for the protection of national security or (iv) for the conduct of proceedings before any court or tribunal that have commenced or are reasonably contemplated ![]() (iii) for the enforcement of a law which concerns revenue collection (ii) for the enforcement of a law which imposes a pecuniary penalty (i) for the prevention, detection, investigation, prosecution or punishment of an offence or breach of law (e) the collection of the data from another source is necessary: (d) the collection of the data from another source is not likely to prejudice a legitimate interest of the data subject (c) the data subject has consented to the collection of the information from another source (b) the data subject has deliberately made the data public (a) the data is contained in a public record (2) Despite subsection (1), personal data may be collected indirectly where: (1) A person shall collect personal data directly from the data subject. Collection of personal data (Section 21).(3) Where a data subject objects to the processing of personal data, the person who processes the personal data shall stop the processing of the personal data. (2) Unless otherwise provided by law, a data subject may object to the processing of personal data. (e) necessary to pursue the legitimate interest of the data controller or a third party to whom the data is supplied. (d) necessary for the proper performance of a statutory duty or (c) to protect a legitimate interest of the data subject (a) necessary for the purpose of a contract to which the data subject is a party (1) A person shall not process personal data without the prior consent of the data subject unless the purpose for which the personal data is processed is Consent, justification and objection (20).Personal data may only be processed if the purpose for which it is to be processed, is necessary, relevant and not excessive. (2) A data controller or processor shall in respect of foreign data subjects ensure that personal data is processed in compliance with data protection legislation of the foreign jurisdiction of that subject where personal data originating from that jurisdiction is sent to this country for processing. (a) without infringing the privacy rights of the data subject (1) A person who processes personal data shall ensure that the personal data is processed Processing of Personal Data (Section 18).Compatibility Of Further Processing With Purpose Of Collection.The Act sets out the 8 data principles under Section 17 as follows: This recognition by a data controller or processer should lead to the application of the 8 basic principles for processing personal information. The Data Protection Act, 2012 (Act 843) is premised on the fundamental rule that all who process personal data must take into consideration the right of that individual to the privacy of his or her communications.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |