
The Data Protection Bill, 2018

(b) unlawful access to or an unauthorised processing.
(2) In compliance with subsection (1), an agency shall take reasonable measures to
(a) identify reasonably foreseeable internal and external risks;
(b) establish and maintain appropriate safeguards against the identified risks;
(c) regularly verify that the safeguards are effectively implemented; and
(d) ensure that the safeguards are continually updated.
(3) An agency shall observe generally acceptable security practices and procedure, including specific industry or professional rules and regulations.

Notification of security compromises.

16. Where there are reasonable grounds to believe that the personal data of a data subject has been accessed or processed by an unauthorised person, the agency shall -
(a) as soon as reasonably practicable after the discovery of the unauthorised access or processing of the data, notify the Commission and the data subject; and
(b) take steps to ensure the restoration of the integrity of the information system.

Access to personal data.

17. (1) Where an agency stores personal data or where a person believes that an agency is storing personal data relating to him or her, in a readily retrievable form, the person may obtain from the agency, a confirmation as to whether the agency holds such personal data; and shall have access to that data.
(2) Subsection (1) shall not apply to exempt information.
(3) The procedure for making an application for, and obtaining access to information under the Access to Information Act shall apply to subsection (1).

No. 31 of 2016.

Correction of information.

18. (1) An agency which holds personal data shall, if requested by a data subject or on its own initiative, take steps to correct or delete false or misleading data.
