0
NOTIFICATION BY DATA
    CONTROLLERS

1                  Vishnu Kesarwani (IMS2007011)
                    Rajendra Prasad...
INTRODUCTION
   The Data Protection Act, 1984 established the Data
    Protection Register and the system of registration...
CONTD…


Purpose
 Transparency or openness



Interest
Notification fulfils the interests of :
 Data controllers

 Data...
NOTIFICATION EXEMPTIONS
The Act provides exemption from notification for data
  controllers.

Exemptions are :

   data c...
CONTD….

   processing personal data for personal, family or household
    affairs

   data controllers who only process...
STAFF ADMINISTRATION EXEMPTION
The processing is for the purposes of

        appointments or
        removals,
       ...
ADVERTISING, MARKETING AND PUBLIC
RELATIONS EXEMPTION

   (a) is for the purposes of
       advertising or
       marke...
ACCOUNTS AND RECORDS EXEMPTION
The processing –

   (a) is for the purposes of
     keeping accounts relating to any bus...
NON PROFIT-MAKING ORGANISATIONS
EXEMPTIONS

The processing -

   (a) is carried out by a data controller which is a body ...
THE REGISTRABLE PARTICULARS
According to Section 16(1) the registrable particulars means:

   Data Controller’s name and ...
Duty of the data controller
Duty to notify changes
 If any changes takes place regarding personal data then
  data contro...
Function of the Commissioner

   As soon as practicable after the passing of this Act, the
    Commissioner shall submit ...
Function of the secretary of state
   The Secretary of State may from time to time require the
    Commissioner to consid...
Offences relating to notification
  It is an offence to process personal data without notification unless:-

     the per...
CONTD…

   It will also be an offence for a person to fail to notify the
    Commissioner of changes to the register entr...
Nature of Offence

   When Data Controller fail to comply the provision of the
    Act or contravene the provision then t...
REFERENCES




                                                                             1/28/2010
 THE DATA PROTECTIO...
THANKS


         18
Upcoming SlideShare
Loading in...5
×

Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)

822

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
822
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)"

  1. 1. NOTIFICATION BY DATA CONTROLLERS 1 Vishnu Kesarwani (IMS2007011) Rajendra Prasad (IMS2007012) 2nd Semester MS (Cyber Law & Information Security) IIIT-Allahabad
  2. 2. INTRODUCTION  The Data Protection Act, 1984 established the Data Protection Register and the system of registration maintained by the Registrar.  The Data Protection Act, 1998 introduced a new system of notification which replaced the registration scheme. Meaning:  Notification is the process by which a data controller informs the Commissioner of certain details about the processing of personal data carried out by that data controller. 2
  3. 3. CONTD… Purpose  Transparency or openness Interest Notification fulfils the interests of :  Data controllers  Data subjects 3
  4. 4. NOTIFICATION EXEMPTIONS The Act provides exemption from notification for data controllers. Exemptions are :  data controllers who only process personal data for :  staff administration  advertising, marketing and public relations (of their own business)  accounts and records  not for profit Organisations 4
  5. 5. CONTD….  processing personal data for personal, family or household affairs  data controllers who only process personal data for the maintenance of a public register  data controllers who do not process personal data on computer 5
  6. 6. STAFF ADMINISTRATION EXEMPTION The processing is for the purposes of  appointments or  removals,  pay,  discipline,  superannuation,  work management or  other personnel matters in relation to the staff of the data controller;  (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective member of staff of the data controller  (c) is of personal data consisting of the name, address and other identifiers of the data subject or information as to -  qualifications, 6 o work experience or o pay
  7. 7. ADVERTISING, MARKETING AND PUBLIC RELATIONS EXEMPTION  (a) is for the purposes of  advertising or  marketing the data controller's business,  activity,  goods or services  and promoting public relations in connection with that business or activity, or those goods or services;  (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective customer or supplier 7
  8. 8. ACCOUNTS AND RECORDS EXEMPTION The processing –  (a) is for the purposes of  keeping accounts relating to any business or  other activity carried on by the data controller, or any person as a customer or supplier, or  keeping records of purchases, sales or  (b) is of personal data in respect of which the data subject is - o a past, o existing or o prospective customer or o supplier 8
  9. 9. NON PROFIT-MAKING ORGANISATIONS EXEMPTIONS The processing -  (a) is carried out by a data controller which is a body or association which is not established or conducted for profit;  (b) is for the purposes of establishing or maintaining membership of or support for the body or association, or providing or administering activities for individuals who are either members of the body or association or have regular contact with it;  (c) is of personal data in respect of which the data subject is -  a past,  existing or  prospective member of the body or organisation; 9
  10. 10. THE REGISTRABLE PARTICULARS According to Section 16(1) the registrable particulars means:  Data Controller’s name and address,  The name and address of the representative,  A description of the personal data,  A description of the purpose or purposes,  A description of any recipient or recipients,  The names, or a description of, any countries or territories outside the European economic area, 10
  11. 11. Duty of the data controller Duty to notify changes  If any changes takes place regarding personal data then data controller is bound by the Act to notify the Commissioner. Duty to make certain information available  The data controller has not notified the relevant particulars in respect of that processing under section 18, the data controller must, within twenty-one days of receiving a written request from any person, make the relevant particulars available to that person in writing free of charge. 11
  12. 12. Function of the Commissioner  As soon as practicable after the passing of this Act, the Commissioner shall submit to the Secretary of State proposals as to the provisions to be included in the first notification regulations.  The Commissioner shall keep under review the working of notification regulations and may from time to time submit to the Secretary of State proposals as to amendments to be made to the regulations. 12
  13. 13. Function of the secretary of state  The Secretary of State may from time to time require the Commissioner to consider any matter relating to notification regulations and to submit to him proposals as to amendments to be made to the regulations in connection with that matter.  Before making any notification regulations, the Secretary of State shall—  (a) consider any proposals made to him by the Commissioner under subsection (1), (2) or (3), and  (b) consult the Commissioner  Power to make provision for appointment of data protection supervisors 13
  14. 14. Offences relating to notification It is an offence to process personal data without notification unless:-  the personal data fall within either of the national security or domestic purposes exemptions,  the personal data are exempt under the transitional exemptions,  the personal data fall within the ―relevant filing system‖/ ―accessible record‖ or public register exceptions referred to above,  the processing operation falls within the exemptions referred to in the Regulations  the processing is of a description which notification regulations provide is exempt from the requirements to notify on the ground that it is unlikely to prejudice the rights and freedoms of data 14 subjects. No such provision was included in the Regulations.
  15. 15. CONTD…  It will also be an offence for a person to fail to notify the Commissioner of changes to the register entry.  The Regulations provided that such notification must be given as soon as practicable and in any event within a period of 28 days from the date upon which the entry becomes inaccurate or incomplete.  Defense: due diligence 15
  16. 16. Nature of Offence  When Data Controller fail to comply the provision of the Act or contravene the provision then the Data Controller will be held liable.  The nature of offence will be criminal.  In all cases the Data Controller will be held strictly liable ( strict liability offence). 16
  17. 17. REFERENCES 1/28/2010  THE DATA PROTECTION ACT, 1998  Data Protection Act 1998: Legal Guidance; available from http://www.ico.gov.uk/upload/documents/library/data_protection/detailed _specialist_guides/data_protection_act_legal_guidance.pdf  Hamilton, Angus and Jay, Rosemary, Data Protection Act 1998 (UK: Sweet & Maxwell, 1999) 17
  18. 18. THANKS 18
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×