1 HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia PRESENTATION OF THE DRAFT DATA PROTECTION POLICY FOR NAMIBIA Pria Chetty, ITU International Legal Expert on Data Protection International Telecommunication Union
2 INTRODUCTION International Telecommunication Union
3 Introduction Why adopt Data Protection Policy? Vast quantities of data to be transmitted within seconds across national frontiers, and indeed across continents, has made it necessary to consider privacy protection in relation to personal data. Privacy protection laws (or policy statements) have been introduced in several developed and developing countries to prevent violations of fundamental human rights, such as the unlawful storage of personal data, the storage of inaccurate personal data, or the abuse or unauthorised disclosure of such data. Disparities in national legislations could hamper the free flow of personal data across frontiers; countries considered it necessary to harmonise national privacy legislation and, upholding such human rights and prevent interruptions in international flows of data. Source: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
4 Introduction Why adopt Data Protection Policy? Need to introduce at policy level - Data Protection Principles to ensure personal information is: used fairly and lawfully used for limited, specifically stated purposes used in a way that is adequate, relevant and not excessive accurate not retained for longer than is necessary handled according to privacy and data protection rights retained securely, with the integrity intact not transferred outside Namibia without adequate protection
5 DRAFT DATA PROTECTION POLICY FOR NAMIBIA International Telecommunication Union
6 Foreword to Policy The point of departure has been to facilitate the protection of personal data in Namibia by translating international principles of data protection into policy statements. By embracing principles of data protection, it is intended that Namibians will benefit through mitigation of abuses of personal data as well as from trade opportunities associated with internationally aligned data protection approaches.
7 Foreword to Policy The Policy should be read in conjunction with the ICT Policy that is in line with national, regional, continental and global developments in the Information and Communications Technology (ICT) sector. The Namibian Government s Vision 2030 document provides that ICT must be the most important sector in the economic development of the country by Core to the achievement of this Vision is a demand driven need to transform Namibia into a knowledge based economy where the exchange of data and personal data according to rules and principles of treatment will be critical.
8 Foreword to Policy In addition, the increase in institutional capacity to develop, regulate and implement this policy is paramount. The proposed establishment of a Data Protection Authority (in line with international trends) is an important first step on this journey, but much work remains, particularly in understanding how this Authority will function and collaborate with similar structures in other areas of regulation. Finally, a proposed new Data Protection Bill will give effect to major aspects of this Policy.
9 Definitions used in Policy Data controller or controller: refers to any natural person, legal person or public body which alone or jointly with others determines the purpose and means of processing of personal data. Where the purpose and means of processing are determined by or by virtue of an act, decree or ordinance, the controller is the natural person, legal person or public body has been designated as such by or by virtue of that act, decree or ordinance. Data subject: refers to any individual who is the subject of personal data processed and who is identified or identifiable. Personal data or personal information: refers any information relating to an identified or identifiable person;.
10 Definitions used in Policy Processing or processing of personal data: refers to any operation or set of operations which is taken in regard to personal data, whether or not it occurs by automatic means and includes, the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data. Data Protection Authority or Authority: refers to an independent administrative authority responsible for ensuring that personal data is processed in compliance with the provisions of the data protection law enacted.
11 Policy Goals The Government of Namibia in this Policy sets out policy statements: To protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of data. To protect Namibian citizens from abuse of their personal data. To promote harmonisation of Namibia s data protection policy and legal frameworks with other regional and international jurisdictions, ensuring the free flow of personal data under conditions of assurance and trust
12 Guiding Principles - Scope of Policy This Policy pertains to protection of personal data, in public or private sectors, which, because of the manner in which they are processed, or because of their nature or the context in which they are used, pose a danger to privacy and individual liberties. This Policy should not be interpreted as preventing: application, to different categories of personal data, of different protective measures depending upon their nature and the context in which they are collected, stored, processed or disseminated; or the exclusion of personal data which obviously does not contain any risk to privacy and individual liberties. Exceptions to Policy statements One and Two, including those relating to national sovereignty, national security and public policy, should be: as few as possible, and made known to the public.
13 Policy Statements Title - Collection Limitation Policy statement - There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject. Title - Data Quality Policy statement - Personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
14 Policy Statements Title - Purpose Specification Policy statement - The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. Title - Use Limitation Policy statement - Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with except: with the consent of the data subject; or by the authority of law.
15 Policy Statements Title - Security Safeguards Policy statement - Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data. Title - Openness Policy statement - There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
16 Policy Statements Title - Individual Participation Policy statement - An individual should have the right: to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; to be given reasons if a request made under subparagraphs(a) and (b) is denied, and to be able to challenge such denial; and to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
17 Policy Statements Title - Accountability Policy statement - A data controller should be accountable for complying with measures which give effect to the principles stated above. The principle of Accountability places an onus on the data controller to ensure that personal data is treated according to the policy and in time, the Data Protection Law.
18 Cross Border Transfer of Personal Data Namibia shall take into consideration the implications of crossborder (transborder) transfer of personal data to countries for processing. Namibia shall promote that all reasonable and appropriate steps to ensure that transborder flows of personal data, are uninterrupted and secure. Namibia shall refrain from restricting transborder flows of personal data between itself and another country except where the latter does not yet substantially observe compatible protection of personal data in its domestic privacy legislation. Namibia shall avoid developing laws, policies and practices in the name of the protection of privacy and individual liberties, which would create obstacles to transborder flows of personal data that would exceed requirements for such protection.
19 National Implementation Namibia shall establish legal, administrative or other procedures or institutions for the protection of privacy and individual liberties in respect of personal data. Namibia, in particular shall endeavour to: adopt appropriate legislation; encourage and support self-regulation, whether in the form of codes of conduct or otherwise; provide for reasonable means for individuals to exercise their rights; provide for adequate sanctions and remedies in case of failures to comply with legislated measures for the protection of personal data ; and ensure that there is no unfair discrimination against data subjects.
20 International Cooperation Namibia shall, where requested, make known to other countries details of the observance of the principles of protection of personal data as set forth in policy statements. Member countries should also ensure that procedures for transborder flows of personal data and for the protection of privacy and individual liberties are simple and compatible with those of other SADC and AU regions and other international commitments. Namibia shall establish procedures to facilitate: information exchange with other countries in accordance with this Policy, and mutual assistance in the procedural and investigative matters involved. Namibia shall co-operate in regional and international objectives towards the development of principles, to govern the applicable standards in the case of transborder flows of personal data.
21 Roles and Structures Role of Government The role of government is to promote effective policy and legislative framework for data protection in Namibia in order to render fair and equitable principles that balance the need for protection of personal data and interests of data subjects with the industry requirements for ease of exchange of personal data in the context of trade and economic growth and development. Role of the Data Protection Authority There shall be established a Data Protection Authority, being a juristic person and operates independently and is governed by a Board of Commissioners. The Board is appointed in accordance with the State Owned Enterprises Governance Act (2006). Beyond jurisdiction on the processing of personal data by public and private bodies, the Authority shall also provide for the regulation of marketing and automated transactional services in so far as the processing of personal data is concerned.
22 Roles and Structures Roles of industry Assessing and aligning personal data collection, handling, distribution and other processing practices with policy and legislative frameworks for fair and lawful personal data processing. Role of data subjects Data subjects, as the identifiable subjects of personal data are required to understand their associated rights and the responsibilities of data controllers processing their personal data. Data subjects should in day to day terms in their dealings with data controllers require transparency and accountability regarding the processing of their personal data.
23 Concluding Thoughts The Policy that will establish the mechanisms for protection of personal information in line with internationally accepted standards and principles of data protection. The establishment of a protection regime for personal data will only be effective with the creation of a Data Protection Authority in order to foster compliance with the law and protection of privacy. The fulfillment of ICT goals and an effective knowledge economy will rely on effective principles of data protection to build trust and assurance of minimum standards of personal information protection.
24 THANK YOU Questions? Pria Chetty International Law Expert: Data Protection Samson N Muhapi National Law Expert: Data Protection
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
Intel Corporation is pleased to file comments on the Department of Commerce National Telecommunications and Information Administration s Notice of Inquiry, Information Privacy and Innovation in the Internet
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
OECD Policies for Information Security & Privacy Internet Economy Data Controller Virus Vulnerabilities Passwords Sensor Networks Cross-Border Enforcement Co-Operation Identity Management Privacy & Data
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
CHAPTER 14 ELECTRONIC COMMERCE Article 14.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
Data Protection Acts 1988 and 2003 A Guide to Your Rights :1 Definitions As with any legislation, certain terms have particular meaning. The following are some useful definitions: Data means information
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (90) 19 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA USED FOR PAYMENT AND OTHER RELATED OPERATIONS' (Adopted
Data Protection Personal Data Protection Protection of personal data Living in an area of freedom, security and justice Croatia and Turkey Screening Chapter 23 - Judiciary and fundamental rights Brussels,
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
ICC/ESOMAR INTERNATIONAL CODE ON MARKET AND SOCIAL RESEARCH INTRODUCTION The first Code of Marketing and Social Research Practice was published by ESOMAR in 1948. This was followed by a number of codes
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
1. OECD GUIDELINES GOVERNING THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA 11 Chapter 1. Recommendation of the Council concerning Guidelines governing the Protection of Privacy and Transborder
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
DRAFT BILL PROPOSITION Establishes principles, guarantees, rights and obligations related to the use of the Internet in Brazil. THE NATIONAL CONGRESS decrees: CHAPTER I PRELIMINAR PROVISIONS Article 1.
East Northamptonshire Council Policy & Community Development Data Protection Policy December 2007 If you would like to receive this publication in an alternative format (large print, tape format or other
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES
Leeds City Council Data Protection Policy - 1 - Document Control Organisation Leeds City Council Title Data Protection Policy Author Mark Turnbull, Legal Services Filename DPA policyvr1.doc Owner Assistant
COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (95) 4 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA IN THE AREA OF TELECOMMUNICATION SERVICES, WITH PARTICULAR
PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
Data Protection Working Group Final Report on the Draft Data Protection Bill Background In August 2009, upon a request from the Hon. Attorney General, the Governor-in-Cabinet established a Data Protection
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
THE EU DIRECTIVE ON DATA PROTECTION AND THE US SAFE HARBOR 1 This white paper is intended for general information purposes only. It is not intended as legal advice. The reader is urged to consult a qualified
7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing
Privacy and Data Protection Policy Policy CP017 Prepared Reviewed Approved Date Council Minute No. Manager Corporate Administration SMT Council 25 February 2016 2016/0032 Trim File: 18/02/01 To be reviewed:
LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY Introduction 1. Looe Community Academy Trust (the Academy) is required to maintain certain personal data about living individuals for the purposes of
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
THE OECD PRIVACY FRAMEWORK 2013 ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT The OECD is a unique forum where governments work together to address the economic, social and environmental challenges
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
TELECOMMUNICATIONS BUSINESS ACT, B.E. 2544 (2001) (Translation by the Post and Telegraph Department) Telecommunications Business Act, B.E. 2544 (2001) BHUMIBOL ADULYADEJ, REX; Given on the 9th Day of November
Data Protection Policy January 2016 Next Review Due: January 2017 Co-ordinator: Miss M Rudge/Mrs J McColl 1 ACADEMY DATA PROTECTION POLICY POLICY DATE: JANUARY 2016 REVIEW DATE: JANUARY 2017 Introduction
APEC PRIVACY FRAMEWORK Information flows are vital to conducting business in a global economy. The APEC Privacy Framework promotes a flexible approach to information privacy protection across APEC member
DATA PROTECTION: THE EU REFORM PROPOSALS Timothy Pitt-Payne QC INTRODUCTION 1. The Commission s reform proposals are set out in detail at: http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including
Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development RECOMMENDATION OF THE OECD COUNCIL CONCERNING GUIDELINES FOR CONSUMER PROTECTION IN THE
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
RETHINKING THE CONCEPT OF INFORMATION PRIVACY: A JAPANESE PERSPECTIVE Yohko Orito and Kiyoshi Murata Abstract On 1 April 2005, the Japanese government enforced Act on the Protection of Personal Information
Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises
Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
Health IT Strategic Framework: Strategic Themes, Principles, Objectives, and Strategies Office of the National Coordinator for Health Information Technology March 8, 2010 Version 23 1 I. BACKGROUND & CHARGE
INTRODUCTION CONSUMER COUNCIL RESPONSE TO A CONSULTATION PAPER ON DRAFT GUIDELINES FOR THE REGULATION OF AUTOMATED TRADING SERVICES 1. The Council welcomes the Securities and Futures Commission s (SFC)
BHCC Policy Summary 1 Policy Name Data Protection Policy. 2 Purpose of Policy To define the standards expected of all Brighton & Hove City Council employees, and any third parties, when processing information
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6
MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information