(b)
(2)
it is required or permitted under any other enactment.
Subject to subsection (3), a data controller shall not take any adverse
action against any data subject as a consequence of the carrying out of a
data matching procedure –
(a)
unless the data controller has served a notice in writing on the
data subject –
(i)
specifying the adverse action it proposes to take and the
reasons therefor;
(ii)
stating that the data subject has 7 days after the receipt
of the notice to show cause why the adverse action
should not be taken; and
(b)
(3)
until the expiry of the 7 days specified in paragraph (a).
Subsection (2) shall not preclude a data controller from taking any
adverse action against any data subject if compliance with the
requirements of that subsection shall prejudice any investigation into the
commission of any offence which has been, is being or is likely, to be
committed.
PART V - THE DATA PROTECTION REGISTER
33.
Register of data controllers and data processors
(1)
There shall be a register of data controllers and data processors
to be known as the Data Protection Register, which shall be kept
and maintained by the Commissioner.
(2)
Subject to Part VII, every data controller and data processor
shall, before keeping or processing personal data or sensitive
personal data, register himself with the Commissioner.