Personal Data Protection Act 2010
Gazetted on 10 June 2010
Operative date 15 Nov 2013.
Registration ends on 15 February 2014
Official website of Department of Personal Data Protection
This Act applies to—
(a) any person who processes; and
(b) any person who has control over or authorizes the processing of,
any personal data in respect of commercial transactions.
“personal data” means any information in respect of commercial transactions, which—
(a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose;
(b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or
(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system,
that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject; but does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010.
“sensitive personal data” means any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister may determine by order published in the Gazette.
“data user” means a person who either alone or jointly or in common with other persons processes any personal data or has control over or authorizes the processing of any personal data, but does not include a data processor.
“data processor”, in relation to personal data, means any person, other than an employee of the data user, who processes the personal data solely on behalf of the data user, and does not process the personal data for any of his own purposes.
“processing”, in relation to personal data, means collecting, recording, holding or storing the personal data or carrying out any operation or set of operations on the personal data, including:
(a) the organization, adaptation or alteration of personal data;
(b) the retrieval, consultation or use of personal data;
(c) the disclosure of personal data by transmission, transfer, dissemination or otherwise making available; or
(d) the alignment, combination, correction, erasure or destruction of personal data.
Personal Data Protection (Class Of Data Users) Order 2013. (Click to download)
Under the Order, the following broad headings for the classes of data users which must apply to be registered with the Commissioner are listed:
No comments:
Post a Comment