to the Government Gazette of Mauritius No. 14 of 14 February 2009


LEGAL SUPPLEMENT
to the Government Gazette of Mauritius No. 14 of 14 February 2009

Government Notice No. 22 of 2009

THE DATA PROTECTION ACT

Regulations made by the Prime Minister under section 65 of the Data Protection Act after consultation with the Commissioner

1. These regulations may be cited as the Data Protection Regulations 2009.

2. In these regulations, "Act" means the Data Protection Act.

3. (a) An application for registration as data controller under section 34(1) of the Act shall
       (i) be made in the form set out in the First Schedule; and
       (ii) be accompanied by the appropriate registration fee specified under the Second Schedule.
   (b) Where the data controller meets the conditions for registration under section 34(3) of the Act, the Commissioner shall register him.

4. (a) Every data controller shall, within 3 months before the date of expiry of the registration, make an application for the renewal of the registration.
   (b) An application made under paragraph (a) shall
       (i) be made in the form set out in the First Schedule; and
       (ii) be accompanied by the appropriate renewal fee specified in the Second Schedule.

   (c) Where the data controller continues to meet the conditions for registration under section 34(3) of the Act, the Commissioner shall renew the registration.

5. Any person who, pursuant to section 37 of the Act, wishes to obtain a copy of, or an extract from, an entry from the register, shall pay the appropriate fee specified in the Second Schedule.

6. (a) Where a data subject or a relevant person wishes to have access to personal data pursuant to section 41 of the Act, he shall make a request in the form set out in the Third Schedule.
   (b) Where the data subject or relevant person referred to under paragraph (a) wishes to have a copy of the personal data, he shall pay the appropriate fee specified in the Second Schedule.

7. Any person who wishes to obtain a copy of, or an extract from, the register of approved codes and guidelines kept by the Commissioner under section 56 of the Act, shall pay the appropriate fee specified in the Second Schedule.

8. These regulations shall come into operation on 16 February 2009.

Made by the Prime Minister after consultation with the Commissioner, on 03 February 2009.

FIRST SCHEDULE
(regulation 3(a))

Data controller
Application for registration/renewal of registration
(DPO Form 1)

1. Name and address

If you are an individual or sole trader, give your surname and first name(s). A partnership must include the name of the firm and the names of each of the partners. In the case of a company, the name of the company must be given, along with a trading name (if different) and the address must be that of the registered office. Persons other than companies must give the address of the principal place of business.

Name/Job Status:
Address:
Phone No.: ...
Fax No.: ...
E-mail: ...

2. Compliance person

Details of individual (if any) who will supervise the application of the Act within your organisation or representative as nominated by you in relation to the personal data with which this application for registration is concerned.

Note: This is the person to whom we will address all correspondence in connection with this application for registration.

Name/Job Status:
Address:
Phone No.: ...
Fax No.: ...
E-mail: ...

3. Description

Briefly list/describe each use of personal data, relating to the purpose listed under item 5 below, together with the category and class of personal data (e.g. name, address, date of birth, email address, staff ID number) kept in connection with that use. Give full details also of any personal data kept in relation to the purpose listed under item 5 below, but not normally associated with any of the uses you have listed. Use additional sheets if necessary.

Use of personal data | Description of personal data

4. Sensitive data

Other than as kept in respect of your employees in the normal course of personnel administration and not used or disclosed for any other purpose. Please read section 25 of the Act before filling this Part.

(i) State which of these kinds of personal data you keep:
    Racial or ethnic origin
    Political opinion or adherence
    Religious belief or other belief of a similar nature
    Membership of a trade union
    Physical or mental health
    Sexual preferences or practices
    Criminal convictions

(ii) State the reason/s for which sensitive data is/are kept with regard to the applications specified under item 3 above (Description):

If you keep sensitive data, please specify under the following headings the safeguards in operation for the protection of the privacy of the data subjects concerned (You do not need to give these details if you do not keep sensitive data.):

Physical safeguards:
Technical safeguards:

5. Purpose

Please provide a general, but comprehensive, statement of the nature of your business, trade or profession, and of the purpose for which you keep and process personal data. Please note that where personal data is kept for 2 or more purposes, a separate application for registration in respect of any of those purposes must be made as per section 34(2) of the Act.

(a)
(b)
(c)

Use additional sheets if necessary.

6. Disclosures

For each use listed under item 3 above, list the persons or bodies (or categories of them) to whom the personal data may be disclosed. Use additional sheets if necessary.

Use of personal data | Recipients

Note: A disclosure of any personal data to a person specified above must not be made in any manner incompatible with the purpose(s) for which those data are kept. Otherwise, the disclosure will be in contravention of section 26(b), 27 and 29(1) of the Data Protection Act.

7. Transfers abroad

For each application listed under item 3 above, list the countries or territories (if any) to which you transfer, or intend to transfer, personal data directly or indirectly, along with a description of the data to be transferred and the purpose of transfer.

Use of personal data:
Country | Description of data | Purpose of transfer

Use of personal data:
Country | Description of data | Purpose of transfer

Use additional sheets if necessary.

8. Public information

Does any of the personal data kept by you consist of information which you are required by law to make available to the public?

YES    NO

If YES, give details: ...

I certify that the above information is correct and complete and hereby apply to be registered as data controller under the Data Protection Act in respect of the purpose specified under item 5 of this application.

The fee payable is related to the number of people employed:
    For applicants with less than or equal to 25 employees
    For applicants with more than 25 employees
    In all other cases
(Tick as appropriate)

I enclose the prescribed fee of Rs ...
Number of employees: ...
Signature: ...
Date: ...
(*Applicant / Person authorised to sign on behalf of Applicant)
(*Delete whichever is not applicable)

NOTES:

1. It is important that you read Registration Classification and Guidance Notes for Application before completing this form.

2. Use this form if you are a data controller who is required to be registered under the Data Protection Act.

3. Please read PART VII of the Act on Exemptions before filling this form.

4. Please complete this form in BLOCK CAPITALS.

5. Failure to register or renew registration is an offence under the Data Protection Act.

6. Knowingly supplying false information is an offence under the Data Protection Act.

7. It is also an offence to knowingly
   (a) keep personal data not specified on your applications,
   (b) keep or use personal data for any purpose, or disclose personal data to any person or body, not described in those applications or
   (c) transfer personal data to a country or territory not named under item 7 above.

8. Where you change your address, you must notify the Commissioner within 15 days of the change of address.

9. The information provided by you in this application will be kept in a register by the Data Protection Commissioner, in accordance with section 36 of the Data Protection Act, and will comprise the public register which may be inspected by members of the public at any time. No other disclosure of the information will be made.

SECOND SCHEDULE
(regulations 3(a), 4(b), 5, 6(b) and 7)

Fees

                                                              Fees (Rs)
1. Data controller registration fee:
   Having not more than 25 employees                          1,000
   Having more than 25 employees                              2,000
   In all other cases                                         800

2. Data controller renewal fee:
   Having not more than 25 employees                          750
   Having more than 25 employees                              1,750
   In all other cases                                         550

3. Other fees:
   Copy of personal data under section 41 of the Act          75
   Copy of, or an extract from, an entry from the register
   under section 37 of the Act                                100
   Copy of, or an extract from, the register of approved
   codes and guidelines kept by the Commissioner under
   section 56 of the Act                                      350

THIRD SCHEDULE
(regulation 6(a))

Request for access to personal data
(DPO Form 2)

Name of data subject (or relevant person):
Address of data subject (or relevant person):
Profession of data subject (or relevant person) or nature of business:
Name of data controller:
Address of data controller:
Nature of business of data controller:
Type of information required from data controller:
(whether the data kept by the data controller includes personal data relating to the data subject, the purposes for which the data are being or are to be processed and the recipients to whom the data are being or are to be disclosed)

I also wish to have a copy of the personal data and hereby enclose the prescribed fee of Rs ... for the data controller.

Signature: ...
Date: ...
(*Applicant / Person authorised to sign on behalf of Applicant)
(*Delete whichever is not applicable)

NOTES:

1. This form must be filled in by the data subject or the relevant person, as the case may be, as described under section 2 of the Data Protection Act, to request any information relating to his personal data kept by the data controller.

2. After filling this form, it must be sent, with the appropriate prescribed fee to the data controller for compliance with the request.

3. Data is information which is capable of being processed manually or by automated means.

4. A relevant person, in relation to a data subject, is a person
   (a) who has parental authority or has been appointed a guardian by the court where the data subject is a minor;
   (b) who has been appointed a guardian by the court where the data subject is physically or mentally unfit;
   (c) in any other case, who is duly authorised by the data subject in writing to make the request.

5. A data controller is a person or a group of persons, who decides on the purposes for which personal data are kept and processed.

6. A data subject is a living individual who is the subject of personal data.

7. Subject to paragraph 8 below, a data controller may refuse a request for access to personal data if he is not supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request and to locate the information which the person seeks, or compliance with the request will be in contravention with his confidentiality obligation under any other enactment.

8. If the data controller is unable to comply with a request within 28 days after the receipt of the request, he must, before the expiry of that period, inform the data subject or the relevant person (as the case may be), that he is unable to comply with the request. The data controller must, if required, state the reasons of his inability to comply with the request. The data controller must, as soon as is reasonably practicable, after expiry of the 28 days, comply with the request.