data protection and you your rights & the law registration basics other activities disclaimer:...
TRANSCRIPT
Data Protection and You
Your Rights & The LawRegistration Basics
Other ActivitiesDisclaimer: This presentation only provides an introductory info. Please consult the Data Protection Office for further queries.
How does data
protection concern me? And
why it matters?
Would you have th
ought that…
these digita
l codes
might
represent
INFO about Y
OU!!!
Data Protection & You
Bank
Data Protection & You
Data Protection & You
Data Protection & You
Name
Address
Telephone
Data Protection & You
Data Protection & You
Did You Know
• More than 50 countries have Laws related to International Data Privacy*.
* http://www.informationshield.com/intprivacylaws.html
Data Protection & You
Did You Know
• Identity theft cases and data breaches are increasing worldwide*.
* http://www.identitytheft.infoData Protection & You
Are data breaches also prevalent in Mauritius?
Data Protection & You
You might be the next Victim, so it is
important to know what Data Protection is
about…
Data Protection & You
As individuals, you should have control over your personal data.
Your Rights & The Law
Enacted in 2004, Proclaimed in 2009.
DPA provides a legal framework to ensure that your personal information is handled properly.
Your Rights & The Law
But…
Who Holds Info about Me?
Your Rights & The Law
Your Rights & The Law
Data Controllers are: People who decide how to use
personal data of living individuals
A medical practitioner
Human Resource Manager
A sports club manager
A public librarian
Your Rights & The Law
Can data controllers do
anything with my personal info???
Your Rights & The Law
The Data Protection Office (DPO) enforces the provisions of the Data Protection Act
Mission of DPO:
Safeguard the privacy rights of all individuals with regard to the processing of their personal data.
Your Rights & The Law
Your Rights & The Law
Your Rights & The Law
1. Fairly and lawfully processed.2. Collected for specified & lawful purpose/s.3. Adequate, relevant and not excessive.4. Accurate.5. Not kept longer than necessary.6. Processed in accordance with data subjects
rights.7. Secure.8. Not transferred to countries without
adequate data protection law.
Data collected must be:
Your Rights & The Law
How do I register as a data controller?
1 for Employee
1 for Non-EmployeeNon-employee is any personal information pertaining to clients/suppliers/creditors/debtors/shareholders/board of directors (non-salaried) or any other categories of persons who are not employees, e.g subcontractors
Registration Basics
Registration Basics
Online Registration at
http://dataprotection.gov.mu
1. Log-in with your Username and password
Note: for 1st time users, a user account must be created using the guidelines online
2. Complete 2 separate forms & submit online
3. Await validation from DPO
4. Make payment at DPO
Get a copy of the application form at
http://dataprotection.gov.mu
or at the DPO
1. Fill in 2 separate forms2. Validate application forms at DPO
3. Make payment at DPO
Section 1 - Provide details about the organisation: public/private organisations, professionals, sole traders, partnerships, societes, etc...
Section 2 – Provide details of a contact person
Section 3 – List down only the TYPE of information and NOT the data being held for: (1)employee in the employee form and (2)non-employee in the non-employee form Note: ‘Name’ is a type but ‘John’ is the data. For registration purposes, only specify the type, i.e ‘Name’
Section 4 – Fill in for any sensitive data being held
Section 5 – Describe nature of business
Section 6 - Fill in for any disclosure to entities e.g National Pension Fund
Section 7 – Fill in for any transfer of data abroad
Section 8 – Confirm if information is disclosed to public
Registration Basics
Make payments for BOTH forms. Payment for non-employee form will bear the same amount as the employee form.
First time registrations for:Above 25 employees = Rs 2000 for employee + Rs 2000 for non-
employee
1-25 employees = Rs 1000 for employee + Rs 1000 for non-employee
Zero employee = Rs 800 for non-employee
Registration Basics
Registrations have to be renewed annually
by filling both employee and non-employee
application forms with respective payments.
Renewal fees for:Above 25 employees = Rs 1750 for employee + Rs 1750 for
non-employee
1-25 employees = Rs 750 for employee + Rs 750 for non-employee
Zero employee = Rs 550 for non-employee
Registration Basics
Other Activities
Who can make a complaint to the Data Protection Office?
Any individual who feels that the privacy rights with regard to his/her personal data may have been affected.
Other Activities
1. Download and fill in a complaint form available on the Data Protection Office website.
2. Investigation is carried out on complaint unless complaint is of frivolous or vexatious nature.
3. Commissioner notifies complainant of the decision which has been taken.
4. Complainant can appeal to ICT tribunal if he/she is not satisfied with the decision.
Other Activities
Other Activities
1. Download and fill in a Request for Access form found on the Data Protection Office website.
2. Submit the form along with a payment of Rs 75 to the data controller from whom the information is being requested.
3. Data controller must comply with a request not later than 28 days after receipt of request.
Other Activities
Data Protection Act
Data Protection Act
Enacted in 2004, proclaimed in 2009
D P OD P O Data Protection Office
DataData Personal and Sensitive information
Complaint FormComplaint Form Available from DPO Website
RegistrationRegistration For both employee and non-employee
Other Activities
Is the Data Protection Office a public one?
Yes.
Other Activities
What can the Data Protection Office do when a data controller contravenes the Data Protection Act?
The Commissioner may serve an enforcement notice requiring the data controller to take steps and implement measures within a specified period of time.
Other Activities
Is it an offence not to comply with the enforcement notice?
Yes. Any person who does not comply with the enforcement notice and does not have a reasonable excuse for not complying, will commit an offence, the penalty of which will be a fine not exceeding Rs 50,000 and imprisonment not exceeding 2 years.
Other Activities
DATA PROTECTION OFFICE 4th Floor, Emmanuel Anquetil Building,
Port Louis
Website: http://dataprotection.gov.mu
Telephone: 201 3962, 201 2182
http://templateswise.com
http://www.infotheft.info
http://www.linkedin.com
http://www.facebook.com
http://office.microsoft.com
http://www.iconarchive.com
http://dataprotection.gov.mu
http://www.informationshield.com