Data Protection Regulations (DPR)

Similar documents
1. Why do third-country audit entities have to register with authorities in Member States?

European patent filings

Postings under Statutory Instrument and Bilateral Agreements

IMMIGRATION, ASYLUM AND NATIONALITY ACT 2006 INFORMATION FOR CANDIDATES

Size and Development of the Shadow Economy of 31 European and 5 other OECD Countries from 2003 to 2013: A Further Decline

Identification of the respondent: Fields marked with * are mandatory.

UNDER EMBARGO UNTIL 9 APRIL 2018, 15:00 HOURS PARIS TIME

European Union Passport

2. The table in the Annex outlines the declarations received by the General Secretariat of the Council and their status to date.

IMMIGRATION, ASYLUM AND NATIONALITY ACT 2006 INFORMATION FOR CANDIDATES

Prevention of Illegal Working Guidance on the Immigration, Asylum and Nationality Act 2006

THE RECAST EWC DIRECTIVE

INVESTING IN AN OPEN AND SECURE EUROPE Two Funds for the period

UAE E Visa Information

Visa issues. On abolition of the visa regime

Visas and volunteering

Factsheet on rights for nationals of European states and those with an enforceable Community right

Timeline of changes to EEA rights

8193/11 GL/mkl 1 DG C I

VISA POLICY OF THE REPUBLIC OF KAZAKHSTAN

SKILLS, MOBILITY, AND GROWTH

PISA 2015 in Hong Kong Result Release Figures and Appendices Accompanying Press Release

WALTHAMSTOW SCHOOL FOR GIRLS APPLICANTS GUIDE TO THE PREVENTION OF ILLEGAL WORKING

Table A.1. Jointly Democratic, Contiguous Dyads (for entire time period noted) Time Period State A State B Border First Joint Which Comes First?

AKROS & Partners International Residence and Citizenship Planning Inc Yonge St., Suite #1600 Toronto, ON, M4P 1E4, Canada Telephone:

EU Settlement Scheme Briefing information. Autumn 2018

Enrolment Policy. PART 1 British/Domestic Students

Commonwealth of Australia. Migration Regulations CLASSES OF PERSONS (Subparagraphs 1236(1)(a)(ii), 1236(1)(b)(ii) and 1236(1)(c)(ii))

Page1. Eligibility to Work in the UK. Issue Date 01/01/2017 Issue 1 Document No: 003 Uncontrolled when copied

ELIGIBLITY TO WORK IN THE UK CHECKLIST

Immigration, Asylum and Nationality Act 2006

LMG Women in Business Law Awards - Europe - Firm Categories

In the performance of the judicial duties the judge is subject only to the law and must consider only the law.

Territorial indicators for policy purposes: NUTS regions and beyond

List of countries whose citizens are exempted from the visa requirement

Fertility rate and employment rate: how do they interact to each other?

Homeless, Destitute and Stranded Persons

The diversity of Agricultural Advisory Services in Europe

Brexit. Alan V. Deardorff University of Michigan. For presentation at Adult Learning Institute April 11,

Contributions to UNHCR For Budget Year 2014 As at 31 December 2014

PISA 2009 in Hong Kong Result Release Figures and tables accompanying press release article

On aid orphans and darlings (Aid Effectiveness in aid allocation by respective donor type)

SSSC Policy. The Immigration Asylum and Nationality Act Guidelines for Schools

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

UKRI Prevention of Illegal Working Policy

REPORT. On the operation of the European Arrest Warrant Act (as amended) in the year 2015 made to the Houses of the

Guidance for Clergy - Foreign Nationals seeking to marry in the UK

Migration information Center I Choose Lithuania

Reference Title Dates Organiser(s) 00/2007 Train the Trainers Learning Seminar Step February 2007 Portugal 01/2007 Crime, Police and Justice in

Asylum Trends. Appendix: Eurostat data

TULIP RESOURCES DOCUMENT VERIFICATION FOR ALL EMPLOYEES FEBRUARY 2013

Fee Assessment Questionnaire

UNDER EMBARGO UNTIL 10 APRIL 2019, 15:00 HOURS PARIS TIME. Development aid drops in 2018, especially to neediest countries

Asylum Trends. Appendix: Eurostat data

Asylum Trends. Appendix: Eurostat data

2016 Europe Travel Trends Report

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN AUGUST 2016

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN AUGUST 2015

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN MAY 2017

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN FEBRUARY 2017

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN MARCH 2016

9 th International Workshop Budapest

WORLDWIDE DISTRIBUTION OF PRIVATE FINANCIAL ASSETS

CHILDREN AND THEIR RIGHTS TO BRITISH CITIZENSHIP

PUBLIC PROCUREMENT AND ILLEGAL SETTLEMENTS

ASYLUM IN THE EU Source: Eurostat 4/6/2013, unless otherwise indicated ASYLUM APPLICATIONS IN THE EU27

Introduction. The European Arrest Warrant Act 2003 The European Arrest Warrant Act 2003 came into operation on 1 January 2004.

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN DECEMBER 2016

TRIPS OF BULGARIAN RESIDENTS ABROAD AND ARRIVALS OF VISITORS FROM ABROAD TO BULGARIA IN SEPTEMBER 2015

Migration, Mobility and Integration in the European Labour Market. Lorenzo Corsini

TISPOL PERSPECTIVES TO THE EUROPEAN ROAD SAFETY HOW TO SAVE LIVES AND REDUCE INJURIES ON EUROPEAN ROADS?

GALLERY 5: TURNING TABLES INTO GRAPHS

INFORMATION LEAFLET - Cross-border placement of children Placement of children abroad by German courts and authorities general advice

Work and residence permits and business entry visas

All sections to be completed in full

Conducting a Compliant Right to Work Check Contents

IMO COMPREHENSIVE REVIEW OF THE STCW CONVENTION AND THE STCW CODE. Chapter VIII of the STCW Code. Fitness for duty

Shaping the Future of Transport

INTERNATIONAL OFFICE. Short procedure - MVV Visa for Study. Dear prospective student,

Delegations will find attached Commission document C(2008) 2976 final.

EU Trade Mark Application Timeline

THE EUROPEAN COURT OF HUMAN RIGHTS IN FACTS & FIGURES

GUARANTOR'S UNDERTAKING GUARANTEE

Equity and Excellence in Education from International Perspectives

The Markets for Website Authentication Certificates & Qualified Certificates

BULGARIAN TRADE WITH EU IN JANUARY 2017 (PRELIMINARY DATA)

FORM P1 - APPLICATION FORM FOR CANDIDATES

BULGARIAN TRADE WITH EU IN THE PERIOD JANUARY - MARCH 2016 (PRELIMINARY DATA)

Romania's position in the online database of the European Commission on gender balance in decision-making positions in public administration

Europe in Figures - Eurostat Yearbook 2008 The diversity of the EU through statistics

RIGHT TO WORK GUIDELINES

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

Q&A on the European Citizens' Initiative

Asylum decisions in the EU28 EU Member States granted protection to asylum seekers in 2013 Syrians main beneficiaries

Education Quality and Economic Development

Right to Work in the UK Policy Contents

GOVERNMENT SERVICES OFFICE Client Handbook

Transcription:

Data Protection Regulations (DPR) Consolidated Version No.2 In force on 23.12.2012

CONTENTS The contents of this module are divided into the following chapters, sections and appendices: 1. INTRODUCTION... 3 1.1 These Regulations may be cited as the Data Protection Regulations.... 3 1.2 Application and interpretation... 3 1.3 References to writing... 3 2. PERMIT FOR PROCESSING SENSITIVE PERSONAL DATA... 4 2.1 Application for permit... 4 3. REJECTION OF AN APPLICATION FOR A PERMIT... 5 4. GRANTING A PERMIT TO PROCESS SENSITIVE PERSONAL DATA... 6 5. PERMIT FOR TRANSFER OUT OF THE DIFC OF PERSONAL DATA... 7 5.1 Application for permit... 7 5.2 Rejection of an application for a permit... 7 5.3 Granting a permit to transfer personal data... 8 6. RECORDS AND NOTIFICATION... 9 6.1 Records... 9 6.2 Guidance... 9 6.3 Notifications... 11 6.4 Time for filing Notifications... 12 6.5 Fees... 12 7. IMPOSITION OF FINES... 13 7.1 Notice of administrative fines... 13 8. MEDIATION... 14 8.1 Process of mediation... 14 App1 FEES... 15 App2 NOTICES... 16

1. INTRODUCTION 1.1 These Regulations may be cited as the Data Protection Regulations. 1.2 Application and interpretation 1.2.1 These Regulations apply to any person to whom the Law applies. 1.2.2 In these Regulations a reference to the Law is a reference to the Data Protection Law. 1.2.3 Defined terms are identified throughout these Regulations by the capitalisation of the initial letter of a word or phrase. Where capitalisation of the initial letter is not used, an expression has its natural meaning. 1.2.4 Where reference is made in the Regulations to a statutory provision, it is a reference to the provision as amended, and includes a reference to that provision as extended or applied by or under any other provision, unless the contrary intention appears. 1.2.5 Unless the contrary intention appears: words in the Regulations importing the masculine gender include the feminine and words importing the feminine gender include the masculine; words in the Regulations in the singular include the plural and words in the plural include the singular; and references to Chapters, Sections and Schedules are to Chapters, Sections and Schedules of these Regulations. 1.2.6 All other defined terms have the same meaning they have under the Law. 1.3 References to writing 1.3.1 If a provision in these Regulations refers to a communication, notice, agreement of other document in writing then, unless the contrary intention appears, it means in legible form and capable of being reproduced on paper, irrespective of the medium used. Expressions related to writing must be interpreted accordingly. 1.3.2 This does not affect any other legal requirements which may apply in relation to the form or manner of executing a document or agreement. 3

2. PERMIT FOR PROCESSING SENSITIVE PERSONAL DATA 2.1 Application for permit 2.1.1 A Data Controller which seeks a permit from the Commissioner of Data Protection to Process Sensitive Personal Data pursuant to Article 10 (2) of the Law must apply in writing to the Commissioner of Data Protection setting out: (d) (e) (f) (g) (h) (i) the name of the Data Controller; the address of the Data Controller; the name, address, telephone number and e-mail address of the person within the Data Controller responsible for making the application for the permit; a description of the Processing of Sensitive Personal Data for which the permit is being sought, including a description of the nature of the Sensitive Personal Data involved; the purpose of the Processing of the Sensitive Personal Data; the identity of the Data Subjects to whom the relevant Sensitive Personal Data relates, or in the event of classes of Data Subjects being affected, a description of the class of Data Subjects; the identity of any person to whom the Data Controller intends disclosing the Sensitive Personal Data; to which jurisdictions, if known, such Sensitive Personal Data must be transferred outside of the DIFC; and a description of the safeguards put into place by the Data Controller, to ensure the security of the Sensitive Personal Data. 2.1.2 The Data Controller must provide the Commissioner of Data Protection with such further information as may be required by the Commissioner of Data Protection in order to determine whether to grant a permit in accordance with Article 10(2) of the Law. 4

3. REJECTION OF AN APPLICATION FOR A PERMIT 3.1 The Commissioner of Data Protection may in his absolute discretion refuse to grant an application for a permit to Process Sensitive Personal Data. 3.2 Upon refusing to grant a permit, the Commissioner of Data Protection will without undue delay inform the Data Controller in writing of such refusal and provide the reasons for such refusal. 5

4. GRANTING A PERMIT TO PROCESS SENSITIVE PERSONAL DATA 4.1 The Commissioner of Data Protection may grant an application for a permit to process Sensitive Personal Data with or without conditions it considers necessary. 4.2 Upon deciding to grant a permit, the Commissioner of Data Protection will without undue delay inform the Data Controller of such decision and any conditions. 6

5. PERMIT FOR TRANSFER OUT OF THE DIFC OF PERSONAL DATA 5.1 Application for permit 5.1.1 A Data Controller who seeks a permit from the Commissioner of Data Protection pursuant to Article 12(1) of the Law for transferring Personal Data to a Recipient which is not subject to laws and regulations which ensure an adequate level of protection must apply in writing to the Commissioner of Data Protection setting out: (d) (e) (f) (g) (h) (i) the name of the Data Controller; the address of the Data Controller; the name, address, telephone number, fax number and e-mail address of the person within the Data Controller responsible for making the application for the permit; a description of the proposed transfer of Personal Data for which the permit is being sought, including a description of the nature of the Personal Data involved; the purpose of the proposed transfer of Personal Data; the identity of the Data Subjects to whom the relevant Personal Data relates, or in the event of classes of Data Subjects being affected, a description of the class of Data Subjects; the identity of the proposed Recipient of the Personal Data; the jurisdiction of the proposed Recipient and a description of the laws and Regulations which apply to the proposed Recipient in respect of Personal Data protection; and a description of the safeguards put into place by the Data Controller, to ensure the security of the Personal Data should the relevant transfer take place. 5.1.2 The Data Controller must provide the Commissioner of Data Protection with such further information as is required by the Commissioner of Data Protection in writing in order to determine whether to grant a permit in accordance with Article 12(1) of the Law. 5.2 Rejection of an application for a permit 5.2.1 The Commissioner of Data Protection may in his absolute discretion refuse to grant an application for a permit to transfer Personal Data. 7

5.2.2 Upon refusing to grant a permit, the Commissioner of Data Protection will without undue delay inform the Data Controller in writing of such refusal and provide the reasons for such refusal. 5.3 Granting a permit to transfer personal data 5.3.1 The Commissioner of Data Protection may grant an application for a permit to transfer Personal Data with or without conditions it considers necessary. 5.3.2 Upon deciding to grant a permit, the Commissioner of Data Protection will without undue delay inform the Data Controller of such decision and any conditions. 8

6. RECORDS AND NOTIFICATION 6.1 Records 6.1.1 For the purposes of Article 19(4) of the Law, a Data Controller must record the following information in relation to its Personal Data Processing operations: (d) (e) description of the Personal Data Processing being carried out; an explanation of the purpose for the Personal Data Processing; the Data Subjects or class of Data Subjects whose Personal Data is being processed; a description of the class of Personal Data being processed; and a list of the jurisdictions to which Personal Data may be transferred by the Data Controller, along with an indication as to whether the particular jurisdiction has been assessed as having adequate levels of protection for the purposes of Articles 11 and 12 of the Law. 6.2 Guidance 6.2.1 With respect to Regulation 6.1.1 the purposes for which Personal Data may be Processed will vary but will usually include one or more of the following: (d) (e) (f) (g) (h) (i) accounting and auditing; administration of justice; administration of membership records; advertising, marketing and public relations for the Data Controller itself; advertising, marketing and public relations for others; benefits, grants and loans administration; consultancy and advisory services; credit referencing; debt administration and factoring; 9

(j) (k) (l) (m) (n) (o) (p) (q) (r) (s) (t) (u) (v) education; information and data bank administration; insurance administration; legal services; licensing and registration; pastoral care; pensions administration; policing; private investigation; property management; provision of financial services; research; and staff administration. 6.2.2 With respect to Regulation 6.1.1, where Personal Data of multiple Data Subjects is being processed, Data Controllers may instead of listing individual Data Subjects, record the class of Data Subject involved. In such a case, Data Controllers may use the following, or other similar, classes: (d) (e) (f) (g) staff, including agents, temporary and casual workers; clients and customers; suppliers; members; complainants, correspondents and enquirers; relatives and associates of the Data Subject; and advisors, consultants and other professional experts. 10

6.3 Notifications 6.3.1 For the purposes of Articles 19(4) and 19(4) of the Law, a Data Controller must notify the Commissioner of Data Protection of the following Personal Data Processing operations or set of such operations: any Personal Data Processing operation or set of operations involving the Processing of Sensitive Personal Data; and any Personal Data Processing operation or set of operations involving the transfer of Personal Data to a Recipient outside of the DIFC which is not subject to laws and Regulations which ensure an adequate level of protection. 6.3.2 When a Data Controller gives a notification to the Commissioner of Data Protection in accordance with Regulation 6.3.1, the notification must contain the following information: (d) (e) a general description of the Personal Data Processing being carried out; an explanation of the purpose for the Personal Data Processing; the Data Subjects or class of Data Subjects whose Personal Data is being processed; a description of the class of Personal Data being processed; and a statement of which jurisdictions to which Personal Data will be transferred by the Data Controller, along with an indication as to whether the particular jurisdiction has been assessed as having adequate level of protection for the purposes of Articles 11 and 12 of the Law. 6.3.3 The notification required by Regulation 6.3.1 must be provided to the Commissioner of Data Protection: as soon as possible and in any event within 14 days upon commencing of the Personal Data Processing referred to in Regulation 6.3.1; on every anniversary of the initial notification where the Personal Data Processing is to continue in the subsequent year; and as soon as possible and in any event within 14 days upon any Personal Data Processing being processed in a manner different to that described in the initial notification. 11

6.4 Time for filing Notifications 6.5 Fees Where the Law requires a notification to be filed with the Commissioner of Data Protection, the notification must be filed, in the absence of a time limit being stated in the Law or these Regulations, within 14 days of the date of the happening of the event to which the notification relates. For the purposes of Article 40 of the Law, the Data Controller must pay any applicable fees in respect of matters set out in App1. 12

7. IMPOSITION OF FINES 7.1 Notice of administrative fines 7.1.1 Where the Commissioner of Data Protection considers that a Data Controller has committed a contravention of any provision referred to in Schedule 2 of the Law in relation to which a fine is stipulated in that Schedule, and decides to impose a fine pursuant to Article 36 of the Law, the Commissioner of Data Protection will give the Data Controller a written Notice of Administrative Fine in accordance with Notice 1 in App2: (d) alleging that the Data Controller has committed the contravention and giving particulars of the facts alleged by the Commissioner of Data Protection to constitute a contravention; setting out the fine imposed by the Commissioner of Data Protection in respect of the contravention; specifying the period during which the fine may be paid; and providing an address for filing a Notice of Objection. 7.1.2 Where a fine is imposed under Article 36 of the Law and the Data Controller files a Notice of Objection with the Commissioner of Data Protection within the period specified, the Commissioner of Data Protection may not recover the fine as a debt due, but may commence proceedings in the Court for payment of the fine. 7.1.3 A Notice of Objection must be in accordance with Notice 2 of App2 and must set out every matter which the person believes ought to be taken into account by the Commissioner of Data Protection in determining whether to commence proceedings in Court for payment of the fine. 7.1.4 If at the end of the period for payment specified in the notice imposing the fine, the Data Controller has not paid the full amount of the fine and has not filed a Notice of Objection, the Commissioner of Data Protection may apply to the Court for payment of the fine, or so much of the fine as is not paid, and any further orders the Court sees fit for recovery of the fine, including any orders for costs. 7.1.5 The Commissioner of Data Protection may withdraw a notice imposing a fine whenever he considers it appropriate. 13

8. MEDIATION 8.1 Process of mediation 8.1.1 For the purposes of Article 34(1) of the Law, a person may file a claim with the Commissioner of Data Protection by lodging a written notice providing the following information: (d) full name and address of the person making the claim; the Data Controller whom the person believes has contravened the Law; a detailed statement of facts which the person believes gives rise to contravention of the Law; and the relief sought by the person making the claim. 8.1.2 Upon receiving a claim lodged under Article 34(1) of the Law, the Commissioner of Data Protection may follow such practices and procedures in the mediation of the claim that will, in the view of the Commissioner of Data Protection, lead to the most timely, fair and effective resolution of the claim. 8.1.3 At the conclusion of the mediation process, should the Commissioner of Data Protection determine to issue a direction requiring a Data Controller to do any act or thing in accordance with Article 34(3) of the Law, the Commissioner of Data Protection will do so by issuing a notice in writing setting out: the act or thing that the Data Controller is required to do; and the time within which, or before which, the Data Controller is required to do that act or thing. 14

App1 FEES A1.1 Table of fees A.1.2 Notes: Upon receipt by the Commissioner of Data Protection of: Category I II III Registration $1,000 $500 $200 Annual renewal of the registration $500 $250 $100 Permit to transfer Personal Data outside DIFC under Article 12(1) of the Law Permit to Process Sensitive Personal Data under Article 10(2) of the Law Amendments to the registrable particulars of the notification Notification to inform the Commissioner of Data Protection of not Processing Personal Data $250 $150 $50 $250 $150 $50 $100 $50 $10 Nil Nil Nil Amendments to contact details Nil Nil Nil (1) Category I includes entities regulated by the DFSA; (2) Category II includes DFSA non-regulated entities, except retail; and (3) Category III includes retail entities. 15

App2 NOTICES COMMISSIONER OF DATA PROTECTION NOTICE 1 NOTICE OF ADMINISTRATIVE FINE PURSUANT TO ARTICLE 36 OF THE DATA PROTECION LAW To: Full name and address of Data Controller receiving Notice 1. The Commissioner of Data Protection considers that you have contravened {provisions alleged to have been contravened}. 2. The particulars of the facts giving rise to this contravention/these contraventions are as follows: {statement of the facts constituting the contravention}. 3. The main purposes of the imposition of an administrative fine is to minimise or offset any benefit a person may obtain from non-compliance with the Data Protection Law, and to promote high standards of conduct and a culture of compliance by deterring persons from committing contraventions. Taking into account these purposes, the facts set out in paragraph 2 of this Notice of Administrative Fine and the general circumstances of this matter, the following fine is imposed: {statement of each contravention and fine imposed}. 4. This fine may be paid at any time before 5pm on {date} by forwarding payment to {address}. 5. Should you pay this fine prior to 5pm on {date}, then no proceedings will be commenced by the Commissioner of Data Protection against you in respect of the contraventions the subject of this notice. However, should you continue to be in contravention of the Law, the Commissioner of Data Protection may take action in respect of any obligation to do or refrain from doing any act or thing. 6. If you object to the imposition of this fine, you may file a Notice of Objection by sending or delivering such a notice in the form attached, to the following address: {address} 7. The Notice of Objection must contain every matter you wish the Commissioner of Data Protection to take into account in determining whether 16

to commence proceedings in the Court. The Notice of Objection must be received by the Commissioner of Data Protection before 5pm on {date}. Should you file a Notice of Objection, the Commissioner of Data Protection will take steps with a view to immediately determining whether to commence proceedings against you for payment of the fine. 8. Should you neither pay the full amount of the fine, nor file a Notice of Objection before 5pm on {date}, then the Commissioner of Data Protection may apply to the Court for payment of so much of the fine as remains unpaid, together with costs. 9. Should no Notice of Objection be filed in respect of the imposition of this fine, then the Commissioner of Data Protection may publish details of the matter to which this Notice of Administrative Fine relates. Name: {Commissioner of Data Protection Officer} Delegate of the Commissioner of Data Protection Date 17

NOTICE 2 NOTICE OF OBJECTION To: Commissioner of Data Protection PO Box 74777 DIFC, Dubai United Arab Emirates 1. I refer to the Notice of Administrative Fine, the details of which are as follows: {Date of Notice of Administrative Fine} {Data Controller to whom such Notice was addressed} {Date for lodgement of Notice of Objection as stated in Notice of Administrative Fine} 2. I object to the imposition of the fine or so much of the fine that relates to {the details of aspects disputed}. 3. {If the Data Controller to whom the Notice of Administrative Fine is addressed is not the actual Data Controller: I hold the position of {position} within {Data Controller to whom Notice of Administrative Fine is addressed} and I am authorised on its behalf to file this Notice of Objection}. 4. In determining whether to {commence proceedings in the Court} I believe that the Commissioner of Data Protection ought to take into account the following matters: {detailed statement of relevant matters} Name: Date 18

App3 ACCEPTABLE JURISDICTIONS A3.1 List of acceptable jurisdictions under Article 11(2) of the Law Austria Belgium Bulgaria Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxemburg Malta Netherlands Uruguay Poland Portugal Romania Slovakia Slovenia Spain Sweden United Kingdom Norway Liechtenstein Iceland Switzerland Canada Argentina Guernsey Isle of Man Jersey US Department of Commerce Safe Harbor Policy (including the Safe Harbor list of organisations adhering to the Safe Harbor framework) New Zealand Guidance: Pursuant to Article 11(2) of the Law, the Commissioner of Data Protection may approve other jurisdictions as having an adequate level of protection for Personal Data. 19

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback