
Personal Data Protection

Personal Data Protection: Data Protection and You; Your Rights & The Law; Registration Basics; Other Activities. Disclaimer: This presentation only provides introductory information. Please consult the Data Protection Office for further queries.

dmanigault

Presentation Transcript


  1. Personal Data Protection
     • Data Protection and You
     • Your Rights & The Law
     • Registration Basics
     • Other Activities
     Disclaimer: This presentation only provides introductory information. Please consult the Data Protection Office for further queries.

  2. Data Protection and You: How does data protection concern me? And why does it matter?

  3. Would you have thought that… these digital codes might represent INFO about YOU!!! … How???

  4. Every time you fill in a form (paper or electronic), e.g. at a bank, you are providing your data!!!

  5. Types of Data

  6. Personal Data is… data which relates to a living individual who can be identified from this data.

  7. Some Examples of Personal Data
     • Name
     • Address
     • Telephone

  8. Following data is…

  9. Did You Know: More than 50 countries have laws related to International Data Privacy*.
     * http://www.informationshield.com/intprivacylaws.html

  10. Did You Know: Identity theft cases and data breaches are increasing worldwide*.
     * http://www.identitytheft.info

  11. Are data breaches also prevalent in Mauritius?

  12. Is this relevant to me? You might be the next victim, so it is important to know what Data Protection is about…

  13. Your Rights & The Law

  14. Your Rights: As individuals, you should have control over your personal data.

  15. Data Protection Act (DPA)
     • Enacted in 2004, proclaimed in 2009.
     • DPA provides a legal framework to ensure that your personal information is handled properly.

  16. But… Who Holds Info about Me?

  17. Data Controllers, and Who Are They???

  18. Data Controllers are: people who decide how to use personal data of living individuals.
     • A medical practitioner
     • A public librarian
     • A sports club manager
     • Human Resource Manager

  19. Can data controllers do anything with my personal info??? NO

  20. The Data Protection Office (DPO) enforces the provisions of the Data Protection Act.
     Mission of DPO: Safeguard the privacy rights of all individuals with regard to the processing of their personal data.

  21. Data Protection Office @ Your Service

  22. Below are some of the functions of DPO…
     • Register all data controllers and data processors in Mauritius
     • Investigate complaints
     • Conduct periodical security checks and data protection compliance audits
     • Exercise control on all data protection issues
     • Research on data processing & computer technology

  23. 8 Data Protection Principles. Data collected must be:
     • Fairly and lawfully processed.
     • Collected for specified & lawful purpose/s.
     • Adequate, relevant and not excessive.
     • Accurate.
     • Not kept longer than necessary.
     • Processed in accordance with data subjects' rights.
     • Secure.
     • Not transferred to countries without adequate data protection law.

  24. Registration Basics

  25. How do I register as a data controller?
     Fill in 2 separate forms:
     • 1 for Employee
     • 1 for Non-Employee
     Non-employee is any personal information pertaining to clients/suppliers/creditors/debtors/shareholders/board of directors (non-salaried) or any other categories of persons who are not employees, e.g. subcontractors.

  26. How can Registration be carried out?
     Online registration at http://dataprotection.gov.mu
     1. Log in with your username and password. Note: for 1st time users, a user account must be created using the guidelines online.
     2. Complete 2 separate forms & submit online
     3. Await validation from DPO
     4. Make payment at DPO
     Get a copy of the application form at http://dataprotection.gov.mu or at the DPO
     1. Fill in 2 separate forms
     2. Validate application forms at DPO
     3. Make payment at DPO

  27. How to Fill in
     • Section 1 – Provide details about the organisation: public/private organisations, professionals, sole traders, partnerships, societes, etc.
     • Section 2 – Provide details of a contact person
     • Section 3 – List down only the TYPE of information and NOT the data being held for:
       • employee in the employee form and
       • non-employee in the non-employee form
       Note: ‘Name’ is a type but ‘John’ is the data. For registration purposes, only specify the type, i.e. ‘Name’
     • Section 4 – Fill in for any sensitive data being held
     • Section 5 – Describe nature of business
     • Section 6 – Fill in for any disclosure to entities, e.g. National Pension Fund
     • Section 7 – Fill in for any transfer of data abroad
     • Section 8 – Confirm if information is disclosed to public

  28. Payment
     Make payments for BOTH forms. Payment for non-employee form will bear the same amount as the employee form.
     First time registrations for:
     • Above 25 employees = Rs 2000 for employee + Rs 2000 for non-employee
     • 1-25 employees = Rs 1000 for employee + Rs 1000 for non-employee
     • Zero employee = Rs 800 for non-employee

  29. Renewal
     Registrations have to be renewed annually by filling both employee and non-employee application forms with respective payments.
     Renewal fees for:
     • Above 25 employees = Rs 1750 for employee + Rs 1750 for non-employee
     • 1-25 employees = Rs 750 for employee + Rs 750 for non-employee
     • Zero employee = Rs 550 for non-employee

  30. Other Activities

  31. Complaint Handling

  32. Who can make a complaint to the Data Protection Office?
     • Any individual who feels that the privacy rights with regard to his/her personal data may have been affected.

  33. Procedure for Complaint Handling
     1. Download and fill in a complaint form available on the Data Protection Office website.
     2. Investigation is carried out on complaint unless complaint is of frivolous or vexatious nature.
     3. Commissioner notifies complainant of the decision which has been taken.
     4. Complainant can appeal to ICT tribunal if he/she is not satisfied with the decision.

  34. Request for Access to Personal Data

  35. How to Request for Access to Personal Data?
     1. Download and fill in a Request for Access form found on the Data Protection Office website.
     2. Submit the form along with a payment of Rs 75 to the data controller from whom the information is being requested.
     3. Data controller must comply with a request not later than 28 days after receipt of request.

  36. A Recap…
     • Data Protection Act: Enacted in 2004, proclaimed in 2009
     • DPO: Data Protection Office
     • Data: Personal and Sensitive information
     • Complaint Form: Available from DPO Website
     • Registration: For both employee and non-employee

  37. Is the Data Protection Office a public one? Yes.

  38. What can the Data Protection Office do when a data controller contravenes the Data Protection Act? The Commissioner may serve an enforcement notice requiring the data controller to take steps and implement measures within a specified period of time.

  39. Is it an offence not to comply with the enforcement notice? Yes. Any person who does not comply with the enforcement notice and does not have a reasonable excuse for not complying, will commit an offence, the penalty of which will be a fine not exceeding Rs 50,000 and imprisonment not exceeding 2 years.

  40. Contact Us
     DATA PROTECTION OFFICE
     4th Floor, Emmanuel Anquetil Building, Port Louis
     Website: http://dataprotection.gov.mu
     Telephone: 201 3962, 201 2182

  41. Acknowledgments http://templateswise.com http://www.infotheft.info http://www.linkedin.com http://www.facebook.com http://office.microsoft.com http://www.iconarchive.com http://dataprotection.gov.mu http://www.informationshield.com
