Acts 2017
494
(ii) the purpose of preventive or occupational
medicine, for the assessment of the working
capacity of an employee, medical diagnosis, the
provision of health or social care or treatment or
the management of health or social care systems
and services or pursuant to a contract with a
health professional and subject to the conditions
and safeguards referred to in subsection (2);
(iii) the purpose of carrying out the obligations and
exercising specific rights of the controller or of
the data subject; or
(iv) protecting the vital interests of the data subject
or of another person where the data subject is
physically or legally incapable of giving consent.
(2) The personal data referred to in subsection (1) may be
processed for the purposes referred to in subsection (1)(d)(ii) where the data
are processed by or under the responsibility of a professional or other person
subject to the obligation of professional secrecy under any enactment.
(3) Any person who contravenes subsection (1) shall commit an
offence and shall, on conviction, be liable to a fine not exceeding 100, 000
rupees and to imprisonment for a term not exceeding 5 years.
30.
Personal data of child
(1) No person shall process the personal data of a child below the
age of 16 years unless consent is given by the child’s parent or guardian.
(2) Where the personal data of a child below the age of 16 years is
involved, a controller shall make every reasonable effort to verify that consent
has been given or authorised, taking into account available technology.
31.
Security of processing
(1) A controller or processor shall, at the time of the determination
of the means for processing and at the time of the processing –
(a) implement appropriate security and organisational
measures for –
(i) the prevention of unauthorised access to;