38.
Duration of registration
(1)
Any registration under section 34 shall be for a period not exceeding one
year and on the expiry of such period, the relevant entry shall be
cancelled unless the registration is renewed.
(2)
The period specified under subsection (1) shall be calculated (a)
in the case of a first registration, from the date on which the
relevant entry was made in the register; and
(b)
in the case of a registration which has been renewed, from the
date on which it was renewed.
(3)
The Commissioner may, subject to this Act, renew a registration upon
application by any data controller or data processor, and on payment of
such fee as may be prescribed.
Amended by [Act No. 1 of 2009]
39.
Failure to register or to renew registration
Any data controller or data processor who, without reasonable excuse
or lawful authority, keeps or processes any personal data or sensitive
personal data, without registering himself or renewing his registration,
shall commit an offence.
Amended by [Act No. 1 of 2009]
40.
Certificate issued by Commissioner
In any proceedings in which the registration of a person as a data controller or a
data processor is in question, a certificate under the hand of the Commissioner
that there is no entry in the register in respect of the person as a data controller
or data processor, shall be conclusive evidence of that fact.