Acts 2017
20.
487
Register of controllers and processors
(1) There shall be a register of controllers and processors to be
known as the Data Protection Register, which shall be kept and maintained
by the Commissioner in such form and manner as he may determine.
(2) The Commissioner may, at any time, at the request of a
controller or processor, in respect of which there is an entry in the register
and which has ceased to exist, remove its details from the register.
(3) (a) The register shall, at all reasonable times, be available
for inspection by any person free of charge.
(b) Any person may, on payment of such fee as may be
prescribed, obtain from the Commissioner a certified copy of, or of an
extract from, any entry in the register.
PART IV – OBLIGATIONS ON CONTROLLERS AND PROCESSORS
21.
Principles relating to processing of personal data
Every controller or processor shall ensure that personal data are –
(a)
processed lawfully, fairly and in a transparent manner in
relation to any data subject;
(b)
collected for explicit, specified and legitimate purposes and
not further processed in a manner incompatible with those
purposes;
(c)
adequate, relevant and limited to what is necessary in relation
to the purposes for which they are processed;
(d)
accurate and, where necessary, kept up to date, with every
reasonable step being taken to ensure that any inaccurate
personal data are erased or rectified without delay;
(e)
kept in a form which permits identification of data subjects
for no longer than is necessary for the purposes for which the
personal data are processed; and
(f)
processed in accordance with the rights of data subjects.