Acts 2017
510
46.
(2)
The report shall include –
(a)
a statement about the operation of Codes of Practice
issued or approved, or Guidelines issued, by the
Commissioner;
(b)
any recommendations that the Commissioner thinks fit,
in relation to compliance with this Act.
Compliance audit
The Commissioner may carry out periodical audits of the systems of
controllers or processors to ensure compliance with this Act.
47.
Codes and Guidelines
(1) The Commissioner may, for the purposes of this Act, issue or
approve Codes of Practice, or issue Guidelines.
(2) The Commissioner may, before issuing or approving a Code
of Practice, or issuing Guidelines, consult such person or authority as he
thinks fit.
(3)
Any Code of Practice –
(a)
may be varied or revoked;
(b)
shall, where it is approved under subsection (1),
come into operation on a day specified by the Commissioner.
48.
Certification
(1) The Office may, in order to encourage compliance of
processing operations by controllers and processors with this Act, lay
down technical standards for data protection certification mechanisms and
data protection seals and marks.
(2)
A certification shall be –
(a) voluntary;
(b) issued to a controller or processor for a maximum
period of 3 years and may be renewed under the same
conditions where the relevant requirements continue to
be met;