|
| Chapter 1 Scope and definitions (ss. 29-33) |
| Scope (s. 29) |
In force | 29. Processing to which this Part applies |
| Definitions (ss. 30-33) |
In force | 30. Meaning of "competent authority" |
In force | 31. "The law enforcement purposes" |
In force | 32. Meaning of "controller" and "processor" |
In force | 33. Other definitions |
| Chapter 2 Principles (ss. 34-42) |
In force | 34. Overview and general duty of controller |
In force | 35. The first data protection principle |
In force | 36. The second data protection principle |
In force | 37. The third data protection principle |
In force | 38. The fourth data protection principle |
In force | 39. The fifth data protection principle |
In force | 40. The sixth data protection principle |
In force | 41. Safeguards: archiving |
In force | 42. Safeguards: sensitive processing |
| Chapter 3 Rights of the data subject (ss. 43-54) |
| Overview and scope (s. 43) |
In force | 43. Overview and scope |
| Information: controller's general duties (s. 44) |
In force | 44. Information: controller's general duties |
| Data subject's right of access (s. 45) |
In force | 45. Right of access by the data subject |
| Data subject's rights to rectification or erasure etc (ss. 46-48) |
In force | 46. Right to rectification |
In force | 47. Right to erasure or restriction of processing |
In force | 48. Rights under section 46 or 47: supplementary |
| Automated individual decision-making (ss. 49-50) |
In force | 49. Right not to be subject to automated decision-making |
In force | 50. Automated decision-making authorised by law: safeguards |
| Supplementary (ss. 51-54) |
In force | 51. Exercise of rights through the Commissioner |
In force | 52. Form of provision of information etc |
In force | 53. Manifestly unfounded or excessive requests by the data subject |
In force | 54. Meaning of "applicable time period" |
| Chapter 4 Controller and processor (ss. 55-71) |
In force | 55. Overview and scope |
| General obligations (ss. 56-65) |
In force | 56. General obligations of the controller |
In force | 57. Data protection by design and default |
In force | 58. Joint controllers |
In force | 59. Processors |
In force | 60. Processing under the authority of the controller or processor |
In force | 61. Records of processing activities |
In force | 62. Logging |
In force | 63. Co-operation with the Commissioner |
In force | 64. Data protection impact assessment |
In force | 65. Prior consultation with the Commissioner |
| Obligations relating to security (s. 66) |
In force | 66. Security of processing |
| Obligations relating to personal data breaches (ss. 67-68) |
In force | 67. Notification of a personal data breach to the Commissioner |
In force | 68. Communication of a personal data breach to the data subject |
| Data protection officers (ss. 69-71) |
In force | 69. Designation of a data protection officer |
In force | 70. Position of data protection officer |
In force | 71. Tasks of data protection officer |
| Chapter 5 Transfers of personal data to third countries etc (ss. 72-78) |
| Overview and interpretation (s. 72) |
In force | 72. Overview and interpretation |
| General principles for transfers (ss. 73-76) |
In force | 73. General principles for transfers of personal data |
Omitted | 74. Transfers on the basis of an adequacy decision |
In force | 74A. Transfers based on adequacy regulations |
In force | 74B. Transfers based on adequacy regulations: review etc |
In force | 75. Transfers on the basis of appropriate safeguards |
In force | 76. Transfers on the basis of special circumstances |
| Transfers to particular recipients (s. 77) |
In force | 77. Transfers of personal data to persons other than relevant authorities |
| Subsequent transfers (s. 78) |
In force | 78. Subsequent transfers |
| Chapter 6 Supplementary (ss. 79-81) |
In force | 79. National security: certificate |
In force | 80. Special processing restrictions |
In force | 81. Reporting of infringements |