Amended by [Act No.1 of 2009]
34.
Application for registration
(1)
Every data controller and data processor shall –
(a)
apply for registration in writing to the Commissioner; and
(b)
together with the application, provide the particulars specified, in
the case of a data controller, in section 35 and, in the case of a
data processor, in section 35A.
(2)
Where any data controller or data processor intends to keep or
process personal data or sensitive personal data for 2 or more
purposes, he shall make an application for separate registration in
respect of any of those purposes and, entries shall be made in
accordance with any such applications.
(3)
Subject to subsection (4), the Commissioner shall grant an application
for registration, unless he reasonably believes that –
(a)
the particulars proposed for inclusion in an entry in the register are
insufficient or any other information required by the Commissioner
either has not been furnished, or is insufficient;
(b)
appropriate safeguards for the protection of the privacy of the data
subjects concerned are not being, or will not continue to be,
provided by the data controller; or
(c)
the person applying for registration is not a fit and proper person.
(4) Upon registration of an application, the applicant shall pay such fee as may
be prescribed.
(5) Where the Commissioner refuses an application for registration, he shall, as
soon as reasonably practicable, notify in writing the applicant of the refusal –
(a)
specifying the reasons for the refusal; and