The Data Protection Act provides for the protection of individuals against the violation of their privacy by the processing of personal data. The Act provides a very wide definition of the term “ processing” to include the collection, recording, organising, storage, adaptation, alteration, retrieval, gathering, use, disclosure, transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of data.
The Act therefore regulates matters such as:
- processing data for direct marketing purposes;
- the rights of data subjects, namely the individuals whose data is being processed;
- the obligations of data controllers, namely those persons who decide which personal data is to be collected and processed and the manner in which such is to be done;
- the obligations of data processors, namely those persons who process the data for and on behalf of data controllers; and
- transferability of personal data to third countries.
Persons who breach data protection legislation face very hefty fines and penalties as well as the possibility of imprisonment.
The firm has assisted both local and overseas clients including multinational companies, in ensuring compliance with data protection legislation. The services provided by the firm in this regard include the carrying out of data protection audits to benchmark compliance and assistance to clients to get in line with their obligations under data protection legislation (including reviewing and drafting any necessary agreements) and liaising and corresponding with the Office of the Commissioner for Data Protection.