Acts 2017
485
(e)
a description of the purpose for which the personal data
are to be processed;
(f)
a description of any recipient to whom the controller
intends or may wish to disclose the personal data;
(g)
the name, or a description of, any country to which the
proposed controller intends or may wish, directly or
indirectly, to transfer the data; and
(h)
a general description of the risks, safeguards, security
measures and mechanisms to ensure the protection of
the personal data.
(3) Any controller or processor who knowingly supplies any
information under subsection (1) which is false or misleading in a material
particular shall commit an offence and shall, on conviction, be liable to
a fine not exceeding 100, 000 rupees and to imprisonment for a term not
exceeding 5 years.
16.
Issue of registration certificate
(1) Where the Commissioner considers that an applicant meets
the criteria to be registered as a controller or processor, as the case may be,
he shall grant the application.
(2) Where the Commissioner grants an application for registration
as a controller or processor, he shall, on such terms and conditions as he
may determine, register the applicant as a controller or processor, as the
case may be, and issue the applicant, on payment of such fee as may be
prescribed, with a registration certificate in such form and manner as the
Commissioner may determine.
(3) A registration certificate issued under subsection (2) shall be
valid for a period of 3 years.
17.
Change in particulars
(1) Where, following the grant of an application, there is a
change in any of the particulars referred to in section 15(2), the controller
or processor, shall, within 14 days of the date of the change, notify the
Commissioner in writing of the nature and date of the change.