!
No.
2
2019
Data Protection
22. —Cancellation or variation of the certificate.
23. —Compliance and audit.
24. —Designation of the Data Protection Officer.
PART IV—PRINCIPLES AND OBLIGATIONS OF
PERSONAL DATA PROTECTION
25. —Principles of personal data protection.
26. —Rights of a data subject.
27. —Exercise of rights by data subject.
28. —Collection of personal data.
29. —Duty to notify.
30. —Lawful processing of personal data.
31. —Data protection impact assessment.
32. —Conditions for consent.
33. —Processing of personal data relating to a child.
34. —Restriction on processing.
35. —Automated individual decision making.
36. —Objecting to processing.
37. —processing for direct marketing.
38. —Right to data portability.
39. —Limitation to retention of personal data.
40. —Right of rectification and erasure.
41. —Data protection by design or default.
42. —Particulars
of
determining
organisational
measures.
43. —Notification and communication of breach.
PART V—GROUNDS FOR PROCESSING OF
SENSITIVE PERSONAL DATA
44. —Processing of sensitive personal data.
45. —Permitted grounds
personal data.
for
processing
sensitive
46. —Personal data relating to health.
47. —Further categories of sensitive personal data.