!
14
Data Protection
No.
17. The Data Commissioner or any staff of the Office
shall not be held liable for having performed any of their
functions in good faith and in accordance with this Act.
2019
Protection from
personal liability.
PART III— REGISTRATION OF DATA
CONTROLLERS AND DATA PROCESSORS
18. (1) Subject to sub-section (2), no person shall act
as a data controller or data processor unless registered with
the Data Commissioner.
Registration of
data controllers
and data
processors.
(2) The Data Commissioner shall prescribe
thresholds required for mandatory registration of data
controllers and data processors, and in making such
determination, the Data Commissioner shall consider—
(a) the nature of industry;
(b) the volumes of data processed;
(c) whether sensitive personal data is being processed;
and
(d) any other criteria the Data Commissioner may
specify.
19. (1) A data controller or data processor required to
register under section 18 shall apply to the Data
Commissioner.
(2) An application under sub-section (1) shall provide
the following particulars—
(a) a description of the personal data to be processed
by the data controller or data processor;
(b) a description of the purpose for which the personal
data is to be processed;
(c) the category of data subjects, to which the personal
data relates;
(d) contact details of the data controller or data
processor;
(e) a general description of the risks, safeguards,
security measures and mechanisms to ensure the
protection of personal data;
(f) any measures to indemnify the data subject from
unlawful use of data by the data processor or data
controller; and
Application for
registration.