Institute for Judicial and Legal Studies

Similar documents
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

BCS, The Chartered Institute for IT Consultation Response to:

New EU Data Protection legislation comes into force today. What does this mean for your business?

005ASubmission to the Serious Data Breach Notification Consultation

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine

5419/16 ADD 1 VH/np 1 DGD 2C

Cloud Software Services for Schools

European Commission s Document Management (Policy, IT, Security & Privacy) by Natalia Aristimuño-Pérez EC.DIGIT.B1

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

(DRAFT)( 2 ) MOTION FOR A RESOLUTION

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Video surveillance policy (PUBLIC)

Factsheet on the Right to be

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Cloud Software Services for Schools

REGULATORY PROPOSALS FOR PUBLIC COMMENT REAL ESTATE REGULATIONS INCREASING TRANSPARENCY IN MULTIPLE OFFER TRANSACTIONS

"choose your own device" : the employer still provides the hardware and the employee can choose e.g. the model.

I. Personal data and its use in the business to business environment.

slaughter and may The new EU Data Protection Regulation revolution or evolution?

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

1 LAWS of MINNESOTA 2015 Ch 67, s 2. CHAPTER 67--S.F.No. 86 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

E-PRIVACY DIRECTIVE: Personal Data Breach Notification

Act on Background Checks

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

Overview. Data protection in a swirl of change Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Declaration of Internet Rights Preamble

TEXTUAL PROPOSAL TECHNICAL BARRIERS TO TRADE (TBT) Article 1 Objective and Scope

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

PRIVACY POLICY. "Personal Information" comprising:

Data Protection Policy

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

Guidelines on Data Protection. Draft. Version 3.1. Published by

Privacy Law in Canada

Privacy and Cloud Computing for Australian Government Agencies

Comments of the EDPS in response to the public consultation on

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

The potential legal consequences of a personal data breach

Mitigating and managing cyber risk: ten issues to consider

COMPUTER USAGE -

Privacy and Electronic Communications Regulations

Privacy by Design. Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of

Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor

Article 29 Working Party Issues Opinion on Cloud Computing

Statement of Community Involvement

Value of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

technical factsheet 176

Data Processing Agreement for Oracle Cloud Services

Data and Cyber Laws Up-date 9 July 2015

H 6191 SUBSTITUTE A AS AMENDED ======= LC02663/SUB A/2 ======= STATE OF RHODE ISLAND IN GENERAL ASSEMBLY JANUARY SESSION, A.D.

Zinc Recruitment Pty Ltd Privacy Policy

Mexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.

Information Governance Policy

Regulation of Investigatory Powers Act 2000

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Video surveillance at EFSA Implementing rules and technical specifications

Data Security and Extranet

FRANCE. Chapter XX OVERVIEW

Information Governance Strategy :

SECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE

Data Protection Breach Management Policy

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

Our Commitment to Information Security

Transcription:

Institute for Judicial and Legal Studies «The Data Protection Reform for Mauritius» Presented by Mrs Drudeisha Madhub (Data Protection Commissioner) Email: pmo-dpo@mail.gov.mu Tel:+230 201 36 04 Helpdesk:+230 203 90 76 Website: http://dataprotection.gov.mu Address: 4th Floor, Emmanuel Anquetil Building, Port Louis, Mauritius

The Data Protection Office Data Protection in Mauritius has its origins in the National Information, Communication and Telecommunication Strategic Plan 2007-2011 which recommended the setting up of the Data Protection Office.

The Data Protection Office The Data Protection Act 2004 was proclaimed in its entirety on the 16th of February 2009, except for section 17(5). In addition, the Data Protection Regulations 2009 (GN 22/09) were enacted to cater for the registration fees for data controllers, other prescribed fees, the registration form for data controllers and the request for access to personal data form which represents the form to be used by data subjects who are living individuals, for requesting access to their personal data from data controllers. The Data Protection Act 2004 gives individuals rights to protect them against data protection breaches, and creates obligations for those keeping personal information. Under the Act, individuals have the right to be informed of any data processing activity which relate to them as data subjects.

Reasons for having a legislation There are several reasons for having legislation to regulate the collection and use of personal data: Technology now makes it easy to gather, retrieve, disseminate and manipulate huge amounts of personal data. This has given rise to concerns that the privacy of individuals can be easily compromised. Data protection legislation is also a prerequisite for attracting certain off-shore investment services.

Reasons of having a legislation Lack of security and privacy is often cited as the main reason for the slow growth of electronic transactions, (and thus, e-commerce and egovernment). Several international surveys showed it to be the number one concern of businesses in doing business. The legislation thus promotes e-government and ecommerce in Mauritius as the availability of legal protection of personal data will encourage consumers and businesses to transact online.

Data Protection Act complements the objectives of the Electronic Transactions Act It : Protects the individual s right to privacy thus giving them greater confidence in the use of e-commerce and e- government. Provides enhanced protection for the physical and electronic security of personal information. Ensures personal information is used correctly, that the information is accurate and limits access to the information to only those with a legitimate right to the information. Ensures successful facilitation of trading relations with international partners that have similar legislation.

EU Data Protection Directive The EU s 1995 Data Protection Directive sets a milestone in the history of personal data protection. Its basic principles, ensuring a functioning internal market and an effective protection of the fundamental right of individuals to data protection, are as valid today as they were 17 years ago. But differences in the way that each EU country implements the law have led to an uneven level of protection for personal data, depending on where an individual lives or buys goods and services.

EU Data Protection Directive The current rules also need to be modernised they were introduced when the Internet was still in its infancy. Rapid technological developments and globalisation have brought new challenges for data protection. With social networking sites, cloud computing, location-based services and smart cards, we leave digital traces with every move we make. In this brave new data world we need a robust set of rules. The EU s data protection reform will ensure the new rules are future-proof and fit for the digital age.

The key changes A right to be forgotten will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, the data will be deleted. Whenever consent is required for data processing, it will have to be given explicitly, rather than be assumed.

The key changes Easier access to one s own data and the right of data portability, i.e. easier transfer of personal data from one service provider to another. Companies and organisations will have to notify serious data breaches without undue delay, where feasible within 24 hours. A single set of rules on data protection, valid across the EU and will also impact the local rules. Companies will only have to deal with a single national data protection authority in the country where they have their main establishment.

The key changes Individuals will have the right to refer all cases to their home national data protection authority, even when their personal data is processed outside their home country. EU rules will apply to companies not established in the EU, if they offer goods or services in the EU or monitor the online behaviour of citizens. Increased responsibility and accountability for those processing personal data.

The key changes Unnecessary administrative burdens such as notification requirements for companies processing personal data will be removed. National data protection authorities will be strengthened so they can better enforce the EU rules at home

The main features of the data protection act The Data Protection (Amendment) Bill at its final stage of vetting by the State Law Office will soon see light. The rationale of the amendments is to render the local law compliant with international standards namely the EU Data Protection Directive and to achieve adequacy with European standards to promote safe and trustworthy investment.

The main features of the data protection act Many important changes would be made such as the easing up of the registration process, the introduction of important rights for the individuals, the facilitation of the conduct of enquiries, transfers of personal information abroad and a comprehensive review of the Act which has been characterised by 2 EU consultants assigned by the EU to advise on the amendments to be brought to the legislation, as poorly drafted.

The main features of the data protection act: The practical difficulties encountered by the Commissioner during the investigations conducted by the office to deliver decisions based on a sound interpretation of the principles contained in the Act are quite serious and very often call for legal ingenuosity.

DPO Achievements Guidelines - Data Protection Act 2004 Vol. 1 - A Practical Guide for Data Controllers and Data Proccessors Vol. 2 - Registration Classification & Guidance Notes for Application

DPO Achievements Guidelines - Data Protection Act 2004 Vol. 3 - Data Protection - Your Rights Vol. 4 - Guidelines for Handling Privacy Breaches

DPO Achievements Guidelines - Data Protection Act 2004 Vol. 6 - Guidelines on Privacy Impact Assessments Vol. 5 - Guidelines to regulate The Processing of Personal Data by Video Surveillance Systems

DPO Achievements Guidelines - Data Protection Act 2004 Vol. 7 - Guidelines on Privacy Enhancing Technologies Vol. 8 - " Online Behavioural Advertising, Search Engines and Social Networking Sites : What is the connection?"

DPO Achievements Guidelines - Data Protection Act 2004 Vol. 9 - Practical Notes on Data Sharing Good Practices for the Public and Private Sector Vol 10 - Protecting the Confidentiality of Personal Data by Government Department(s)

DPO Achievements Code of Practice Code of Practice issued by the Data Protection Commissioner for CCTV Systems operated by the Mauritius Police Force

DPO Achievements Code of Practice Poster - Data Protection Office Leaflet - Data Protection Act 2004

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information