Skip to main content
Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 25 May 2018 - onwards
Version 2 of 2

36. Suitable and specific measures for processing

(1) Where a requirement that suitable and specific measures be taken to safeguard the fundamental rights and freedoms of data subjects in processing personal data of those subjects is imposed by this Act or regulations made under this Act, those measures may include in particular the following -

(a) explicit consent of the data subject for the processing of his or her personal data for one or more specified purposes,

(b) limitations on access to the personal data undergoing processing within a workplace in order to prevent unauthorised consultation, alteration, disclosure or erasure of personal data,

(c) strict time limits for the erasure of personal data and mechanisms to ensure that such limits are observed,

(d) specific targeted training for those involved in processing operations, and

(e) having regard to the state of the art, the context, nature, scope and purposes of data processing and the likelihood of risk to, and the severity of any risk to, the rights and freedoms of data subjects -

(i) logging mechanisms to permit verification of whether and by whom the personal data have been consulted, altered, disclosed or erased,

(ii) in cases in which it is not mandatory under the Data Protection Regulation, designation of a data protection officer,