(3) A data controller shall register with the Commission.
Application for registration
47. (1) An application for registration as a data controller shall be made
in writing to the Commission and the applicant shall furnish the following
particulars:
(a) the business name and address of the applicant;
(b) the name and address of the company’s representative where the
company is an external company;
(c) a description of the personal data to be processed and the
category of persons whose personal data are to be collected;
(d) an indication as to whether the applicant holds or is likely to hold
special personal data;
(e) a description of the purpose for which the personal data is being
or is to be processed;
(f) a description of a recipient to whom the applicant intends to
disclose the personal data;
(g) the name or description of the country to which the appli- cant
may transfer the data;
(h) the class of persons or where practicable the names of persons whose
personal data is held by the applicant;
(i) a general description of measures to be taken to secure the data;
and
(j) any other information that the Commission may require. (2) An
applicant who knowingly supplies false information in support of an
application for registration as a data controller commits an
offence and is liable on summary conviction to a fine of not more than one
hundred and fifty penalty units or a term of imprisonment of not more than
one year or to both.
(3) Where a data controller intends to keep personal data for two or more
purposes the Commission shall make separate entries for each purpose in the
Register.
Right to refuse registration
48. (1) The Commission shall not grant an application for registration under
this Act where
(a) the particulars provided for inclusion in an entry in the
Register are insufficient;
(b) the appropriate safeguards for the protection of the privacy of the