Description
required to ensure that we are processing customer data in a safe, secure and confidential
manner and otherwise in accordance with the provisions under the Act. Some of the legal
requirements imposed upon a company who processes personal data are-
1. Appointment of Data Protection Officer;
2. Registration with the Information Commissioner and payment of an annual registration fee;
3. Processing of personal data in accordance with certain international standards; and
4. Annual filing of a data protection impact assessment.
Note that once you collect, store, use, disclose or destroy the personal data of our
customers/employees/guests/clients, we are required to comply with the legal requirements under
the Act. There is no specific company or entity which is exempted from the Act. The Act is applicable
to both public and private entities.
The following tasks need to be completed within your company to allow for compliance to the Act.
1. The drafting and/or reviewing of data protection policies;
2. The drafting and/or reviewing of data processing and data transfer agreements;
3. Reviewing existing contracts in place with employees and third- party service providers to
ensure compliance with the Act;
4. Conducting data protection and privacy audits to ensure that the organization is compliant
with the Act; and
5. Conducting training sessions on the Act with all employee at all levels within the FLA.
