Document type
Legislation
Country
(1) According to this Act, personal data shall be considered any information related to a natural person that has been identified or can be identified directly or indirectly through an identification number or through one or more specific indications. The Personal Data Protection Act (PDPA) generally implements the provisions of EU Directive 95/46 (the Data Protection Directive). Special regulations are provided in the Law on Electronic Communications (see above).
(2) All the administrators or controllers of personal data are obliged to register as such with the Personal Data Protection Commission (PDPC). However, the administrator may commence processing once the application is filed (i.e., prior to the actual registration).
(3) The PDPA provides that the collected data may be processed only in certain cases and for certain purposes, exhaustively listed in the act. A general prohibition on the processing of sensitive data (data that disclose race or ethnic origin, political, religious or philosophical beliefs, as well as data related to health, sexual life or the human genome) is also provided, listing the cases where this prohibition shall not apply.
- Ordinance No. 1 on the minimum level of the technical and organisational measures and the permissible type of personal data protection Recently, on the basis of the Personal Data Protection Act, the Personal Data Protection Commission adopted Ordinance No. 1, which imposes to set up a minimum level of technical and organizational measures in order to collect, store and process data.
Country
Year
2002
Topic, claim, or defense
Privacy or Data Protection
Document type
Legislation
Issuing entity
Legislative Branch
Type of service provider
General or Non-Specified
OSP obligation considered
Other
Type of law
Civil
General effect on immunity
Mixed/Neutral/Unclear