Act
Data Protection And Privacy Act
2019
PART lI - PRli\CIPLES OF DATA PROTECTIO:\
3.
Principles of data protection.
(1) A data collector, data processor or data controller or any
person who collects, processes, holds or uses personal data shall(a) be accountable to the data subject for data collected,
processed held or used;
(b) collect and process data fairly and lawfully;
(c) collect, process, use or hold adequate, relevant and not
excessive or unnecessary personal data ;
(d) retain personal data for the period authorised by law or for
which the data is required;
(e) ensure quality of information collected, processed , used or
held;
(f)
ensure transparency and participation of the data subject in
the collection, processing, use and holding of the personal
data; and
(g) observe security safeguards in respect of the data.
(2) The Authority shall ensure that every data collector, data
controller, data processor or any other person collecting or processing
data complies with the principles of data protection and this Act.
4. Establishment of the personal data protection office.
(1) There is established a personal data protection office
responsible for personal data protection under the Authority which
shall report directly to the Board.
(2) The personal data protection office established in subsection
(1) shall be headed by a national personal data protection director
appointed on such terms and conditions as may be specified in his or
her instrument of appointment.