Data Protection and You

Your Rights & The LawRegistration Basics

Other ActivitiesDisclaimer: This presentation only provides an introductory info. Please consult the Data Protection Office for further queries.

How does data

protection concern me? And

why it matters?

Would you have th

ought that…

these digita

l codes

might

represent

INFO about Y

OU!!!

Data Protection & You

Bank

Data Protection & You

Data Protection & You

Data Protection & You

Name

Address

Telephone

Data Protection & You

Data Protection & You

Did You Know

• More than 50 countries have Laws related to International Data Privacy*.

* http://www.informationshield.com/intprivacylaws.html

Data Protection & You

Did You Know

• Identity theft cases and data breaches are increasing worldwide*.

* http://www.identitytheft.infoData Protection & You

Are data breaches also prevalent in Mauritius?

Data Protection & You

You might be the next Victim, so it is

important to know what Data Protection is

about…

Data Protection & You

As individuals, you should have control over your personal data.

Your Rights & The Law

Enacted in 2004, Proclaimed in 2009.

DPA provides a legal framework to ensure that your personal information is handled properly.

Your Rights & The Law

But…

Who Holds Info about Me?

Your Rights & The Law

Your Rights & The Law

Data Controllers are: People who decide how to use

personal data of living individuals

A medical practitioner

Human Resource Manager

A sports club manager

A public librarian

Your Rights & The Law

Can data controllers do

anything with my personal info???

Your Rights & The Law

The Data Protection Office (DPO) enforces the provisions of the Data Protection Act

Mission of DPO:

Safeguard the privacy rights of all individuals with regard to the processing of their personal data.

Your Rights & The Law

Your Rights & The Law

Your Rights & The Law

1. Fairly and lawfully processed.2. Collected for specified & lawful purpose/s.3. Adequate, relevant and not excessive.4. Accurate.5. Not kept longer than necessary.6. Processed in accordance with data subjects

rights.7. Secure.8. Not transferred to countries without

adequate data protection law.

Data collected must be:

Your Rights & The Law

How do I register as a data controller?

1 for Employee

1 for Non-EmployeeNon-employee is any personal information pertaining to clients/suppliers/creditors/debtors/shareholders/board of directors (non-salaried) or any other categories of persons who are not employees, e.g subcontractors

Registration Basics

Registration Basics

Online Registration at

http://dataprotection.gov.mu

1. Log-in with your Username and password

Note: for 1st time users, a user account must be created using the guidelines online

2. Complete 2 separate forms & submit online

3. Await validation from DPO

4. Make payment at DPO

Get a copy of the application form at

http://dataprotection.gov.mu

or at the DPO

1. Fill in 2 separate forms2. Validate application forms at DPO

3. Make payment at DPO

Section 1 - Provide details about the organisation: public/private organisations, professionals, sole traders, partnerships, societes, etc...

Section 2 – Provide details of a contact person

Section 3 – List down only the TYPE of information and NOT the data being held for: (1)employee in the employee form and (2)non-employee in the non-employee form Note: ‘Name’ is a type but ‘John’ is the data. For registration purposes, only specify the type, i.e ‘Name’

Section 4 – Fill in for any sensitive data being held

Section 5 – Describe nature of business

Section 6 - Fill in for any disclosure to entities e.g National Pension Fund

Section 7 – Fill in for any transfer of data abroad

Section 8 – Confirm if information is disclosed to public

Registration Basics

Make payments for BOTH forms. Payment for non-employee form will bear the same amount as the employee form.

First time registrations for:Above 25 employees = Rs 2000 for employee + Rs 2000 for non-

employee

1-25 employees = Rs 1000 for employee + Rs 1000 for non-employee

Zero employee = Rs 800 for non-employee

Registration Basics

Registrations have to be renewed annually

by filling both employee and non-employee

application forms with respective payments.

Renewal fees for:Above 25 employees = Rs 1750 for employee + Rs 1750 for

non-employee

1-25 employees = Rs 750 for employee + Rs 750 for non-employee

Zero employee = Rs 550 for non-employee

Registration Basics

Other Activities

Who can make a complaint to the Data Protection Office?

Any individual who feels that the privacy rights with regard to his/her personal data may have been affected.

Other Activities

1. Download and fill in a complaint form available on the Data Protection Office website.

2. Investigation is carried out on complaint unless complaint is of frivolous or vexatious nature.

3. Commissioner notifies complainant of the decision which has been taken.

4. Complainant can appeal to ICT tribunal if he/she is not satisfied with the decision.

Other Activities

Other Activities

1. Download and fill in a Request for Access form found on the Data Protection Office website.

2. Submit the form along with a payment of Rs 75 to the data controller from whom the information is being requested.

3. Data controller must comply with a request not later than 28 days after receipt of request.

Other Activities

Data Protection Act

Data Protection Act

Enacted in 2004, proclaimed in 2009

D P OD P O Data Protection Office

DataData Personal and Sensitive information

Complaint FormComplaint Form Available from DPO Website

RegistrationRegistration For both employee and non-employee

Other Activities

Is the Data Protection Office a public one?

Yes.

Other Activities

What can the Data Protection Office do when a data controller contravenes the Data Protection Act?

The Commissioner may serve an enforcement notice requiring the data controller to take steps and implement measures within a specified period of time.

Other Activities

Is it an offence not to comply with the enforcement notice?

Yes. Any person who does not comply with the enforcement notice and does not have a reasonable excuse for not complying, will commit an offence, the penalty of which will be a fine not exceeding Rs 50,000 and imprisonment not exceeding 2 years.

Other Activities

DATA PROTECTION OFFICE 4th Floor, Emmanuel Anquetil Building,

Port Louis

Website: http://dataprotection.gov.mu

Telephone: 201 3962, 201 2182

http://templateswise.com

http://www.infotheft.info

http://www.linkedin.com

http://www.facebook.com

http://office.microsoft.com

http://www.iconarchive.com

http://dataprotection.gov.mu

http://www.informationshield.com