w) “The Agency” means the National Information Technology Development Agency
and
x) “Third Party” means any natural or legal person, public authority, establishment
or any other body other than the Data Subject, the Data Controller, the Data
Administrator and the persons who are engaged by the Data Controller or the
Data Administrator to process personal data.
2.0 PART TWO
2.1 GOVERNING PRINCIPLES OF DATA PROCESSING
(1) In addition to the procedures laid down in this Regulation or any other instrument
for the time being in force, personal data shall be:
a) collected and processed in accordance with specific, legitimate and lawful
purpose consented to by the Data Subject; provided that:
i. a further processing may be done only for archiving purposes in the
public interest, scientific or historical research purposes or statistical
purposes;
ii. any person or entity carrying out or purporting to carry out data
processing under the provision of this paragraph (b) shall not transfer any
personal data to any person;
b) adequate, accurate and without prejudice to the dignity of human person;
c) stored only for the period within which it is reasonably needed and
d) secured against all foreseeable hazards and breaches such as theft,
cyberattack, viral attack, dissemination, manipulations of any kind, damage by
rain, fire or exposure to other natural elements.
(2) Anyone who is entrusted with the personal data of a data subject or who is in
possession of the personal data of a data subject owes a duty of care to the said
data subject;
(3) Anyone who is entrusted with the personal data of a data subject or who is in
possession of the personal data of a data subject shall be accountable for his
acts and omissions in respect of data processing and in accordance with the
principles contained in Subsection 1of this Section.
7