Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
1 like903 views
The document discusses notification requirements for data controllers under the UK Data Protection Act of 1998. It provides definitions and explanations of key terms like notification, registrable particulars, and exemptions. Notification requires data controllers to inform the Commissioner about their personal data processing. Exemptions exist for staff administration, marketing, accounts, non-profits, and more. Data controllers must notify the Commissioner of any changes and make certain information available to data subjects. The Commissioner oversees notification regulations while the Secretary of State consults on amendments. Failing to notify is a criminal offence unless an exemption applies.
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
- 1. NOTIFICATION BY DATA CONTROLLERS 1 Vishnu Kesarwani (IMS2007011) Rajendra Prasad (IMS2007012) 2nd Semester MS (Cyber Law & Information Security) IIIT-Allahabad
- 2. INTRODUCTION The Data Protection Act, 1984 established the Data Protection Register and the system of registration maintained by the Registrar. The Data Protection Act, 1998 introduced a new system of notification which replaced the registration scheme. Meaning: Notification is the process by which a data controller informs the Commissioner of certain details about the processing of personal data carried out by that data controller. 2
- 3. CONTD… Purpose Transparency or openness Interest Notification fulfils the interests of : Data controllers Data subjects 3
- 4. NOTIFICATION EXEMPTIONS The Act provides exemption from notification for data controllers. Exemptions are : data controllers who only process personal data for : staff administration advertising, marketing and public relations (of their own business) accounts and records not for profit Organisations 4
- 5. CONTD…. processing personal data for personal, family or household affairs data controllers who only process personal data for the maintenance of a public register data controllers who do not process personal data on computer 5
- 6. STAFF ADMINISTRATION EXEMPTION The processing is for the purposes of appointments or removals, pay, discipline, superannuation, work management or other personnel matters in relation to the staff of the data controller; (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective member of staff of the data controller (c) is of personal data consisting of the name, address and other identifiers of the data subject or information as to - qualifications, 6 o work experience or o pay
- 7. ADVERTISING, MARKETING AND PUBLIC RELATIONS EXEMPTION (a) is for the purposes of advertising or marketing the data controller's business, activity, goods or services and promoting public relations in connection with that business or activity, or those goods or services; (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective customer or supplier 7
- 8. ACCOUNTS AND RECORDS EXEMPTION The processing – (a) is for the purposes of keeping accounts relating to any business or other activity carried on by the data controller, or any person as a customer or supplier, or keeping records of purchases, sales or (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective customer or o supplier 8
- 9. NON PROFIT-MAKING ORGANISATIONS EXEMPTIONS The processing - (a) is carried out by a data controller which is a body or association which is not established or conducted for profit; (b) is for the purposes of establishing or maintaining membership of or support for the body or association, or providing or administering activities for individuals who are either members of the body or association or have regular contact with it; (c) is of personal data in respect of which the data subject is - a past, existing or prospective member of the body or organisation; 9
- 10. THE REGISTRABLE PARTICULARS According to Section 16(1) the registrable particulars means: Data Controller’s name and address, The name and address of the representative, A description of the personal data, A description of the purpose or purposes, A description of any recipient or recipients, The names, or a description of, any countries or territories outside the European economic area, 10
- 11. Duty of the data controller Duty to notify changes If any changes takes place regarding personal data then data controller is bound by the Act to notify the Commissioner. Duty to make certain information available The data controller has not notified the relevant particulars in respect of that processing under section 18, the data controller must, within twenty-one days of receiving a written request from any person, make the relevant particulars available to that person in writing free of charge. 11
- 12. Function of the Commissioner As soon as practicable after the passing of this Act, the Commissioner shall submit to the Secretary of State proposals as to the provisions to be included in the first notification regulations. The Commissioner shall keep under review the working of notification regulations and may from time to time submit to the Secretary of State proposals as to amendments to be made to the regulations. 12
- 13. Function of the secretary of state The Secretary of State may from time to time require the Commissioner to consider any matter relating to notification regulations and to submit to him proposals as to amendments to be made to the regulations in connection with that matter. Before making any notification regulations, the Secretary of State shall— (a) consider any proposals made to him by the Commissioner under subsection (1), (2) or (3), and (b) consult the Commissioner Power to make provision for appointment of data protection supervisors 13
- 14. Offences relating to notification It is an offence to process personal data without notification unless:- the personal data fall within either of the national security or domestic purposes exemptions, the personal data are exempt under the transitional exemptions, the personal data fall within the ―relevant filing system‖/ ―accessible record‖ or public register exceptions referred to above, the processing operation falls within the exemptions referred to in the Regulations the processing is of a description which notification regulations provide is exempt from the requirements to notify on the ground that it is unlikely to prejudice the rights and freedoms of data 14 subjects. No such provision was included in the Regulations.
- 15. CONTD… It will also be an offence for a person to fail to notify the Commissioner of changes to the register entry. The Regulations provided that such notification must be given as soon as practicable and in any event within a period of 28 days from the date upon which the entry becomes inaccurate or incomplete. Defense: due diligence 15
- 16. Nature of Offence When Data Controller fail to comply the provision of the Act or contravene the provision then the Data Controller will be held liable. The nature of offence will be criminal. In all cases the Data Controller will be held strictly liable ( strict liability offence). 16
- 17. REFERENCES 1/28/2010 THE DATA PROTECTION ACT, 1998 Data Protection Act 1998: Legal Guidance; available from http://www.ico.gov.uk/upload/documents/library/data_protection/detailed _specialist_guides/data_protection_act_legal_guidance.pdf Hamilton, Angus and Jay, Rosemary, Data Protection Act 1998 (UK: Sweet & Maxwell, 1999) 17
- 18. THANKS 18