THE DATA PROTECTION BILL: RESPONSIBILITIES OF DATA CONTROLLERS
In our ongoing series on the proposed Data Protection Bill, we have extensively covered the rights of data subjects. This week, we turn our gaze to the data controller, the individual or organization that decides how and why personal data is processed, and break down their responsibilities and how these affect the rights of data subjects.
Clear Communication and Transparency
Data controllers must provide clear and comprehensive information when collecting personal data. This includes detailing the purpose of data collection, the retention period, and any third parties with whom the data may be shared. For example, if personal data is collected for marketing purposes, the data controller must disclose if this information will be shared with external partners. Additionally, if data is transferred to another country, data subjects must be informed about the transfer and the safeguards in place.
Timely Response to Requests
When data subjects exercise their rights to access, correct, or delete their personal data, data controllers are required to respond within one month. If the request is complex, the timeframe may be extended by up to two additional months with approval from the Commission. Data controllers must inform the data subject of any delay within the first month. For instance, if a customer requests the removal of their data from a database, the data controller must act on this request and provide confirmation within the stipulated timeframe.
Managing Automated Decisions
If data controllers use automated systems for decision-making, such as in customer credit evaluations or job applicant screenings, they must be transparent about the logic behind these decisions. Data subjects have the right to understand and challenge automated decisions. For example, if an algorithm is used to determine loan eligibility, data controllers must explain how the algorithm works and offer a way for individuals to dispute or review the decision.
Fee Policies
Generally, data controllers cannot charge data subjects for handling their requests. However, a reasonable fee may be charged if requests are manifestly unfounded or excessive. Data controllers must prove that such requests are unreasonable to justify any fees or refusal to act. For instance, if a data subject repeatedly makes similar requests, the data controller might charge a fee to cover administrative costs, provided the fee is reasonable and justified.
Handling Data from Other Sources
When data is obtained from sources other than the data subject, data controllers must provide information about the data source, the categories of data collected, and the purpose of its use. This information should be communicated within one month of obtaining the data or at the time of the first communication with the data subject. For example, if personal data is purchased from a third-party vendor, the data controller must notify the data subjects of this source and its intended use.
Ensuring Fair and Transparent Processing
In addition to initial collection information, data controllers must ensure that personal data processing remains fair and transparent. This includes informing data subjects of all the rights we have discussed in previous segments of this series. Data controllers must also explain any legal or contractual obligations related to data provision and the potential consequences of non-compliance.
By adhering to these responsibilities, data controllers not only comply with the proposed Data Protection Bill but also build trust with data subjects through transparent and fair data practices. Stay tuned for our next edition, where we will clarify the differences between data subjects, controllers, and processors.
Article by Princess Musa Dube
If you have interest in an in-depth discussion on this subject matter or any Intellectual Property related issues, feel free to contact us at:
[email protected] Tel: 3116371
Disclaimer: This article is for information purposes only and should not be taken as legal advice.